Restricted SSH access
John Summerfield
debian at herakles.homelinux.org
Fri Oct 26 22:54:07 UTC 2007
Alan Cox wrote:
>> tried with assigning a user /bin/bash console with -r (restricted)
>> parameter (set it up on /etc/passwd)
>> but then I couldn't log on with putty or WinSCP to system.
>> Any ideas for simple solution for my problem?
>>
>> P.S. Somebody might ask why would somebody use ssh for that limited
>> access. Answer is that it must be supported, project specifications...
>
> Firstly the shell in /etc doesn't include an argument setting so you want
> to run /bin/rbash (and link bash to rbash)
>
> Secondly you'll need to carefully set up your apps to have no holes
>
> Thirdly make sure that they cant redirect into their own home directory
> files (make the dir r/o and the files r/o)
>
> Finally if you want them to use things like ftp you'll need to
> put /bin/rbash into /etc/shells. You may well not want to do that bit of
> course.
>
> Alan
>
You might also look at hacking on busybox.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
More information about the fedora-list
mailing list