HowTo Disable execution of commands with ssh and scp/sftp
From: Dario Lesca (d.lesca_at_solinos.it)
Date: 03/23/04
To: secureshell@securityfocus.com
Date: Tue, 23 Mar 2004 10:10:35 +0100
Hi, I am not subscribed to the ML, but I have a simple question; if I must
subscribe to the ML to post, I will do it.
My question:
How to allow only the execution of one procedure via ssh and disable the
execution of any other command and the scp/sftp service?
OK: ssh user@host
NO: ssh user@host cat /etc/passwd
NO: scp user@host:/etc/passwd /tmp
NO: sftp user@host
I have found this solution; is it a bad solution or not?
The target (for example) is to assign to a remote generic user the
possibility to run a single command (setup, or another), and only that
one!
[root@igloo root]# cat /usr/local/bin/ssh.sh
#!/bin/bash
echo $0 $*
export DISPLAY=
exec /usr/bin/setup
[root@igloo root]# chmod 755 /usr/local/bin/ssh.sh
[root@igloo root]# useradd -s /usr/local/bin/ssh.sh sshuser
[root@igloo root]# passwd sshuser
Now test all the methods:
> >OK; ssh user@host
[root@igloo root]# ssh sshuser@localhost
sshuser@localhost's password:
/usr/local/bin/ssh.sh
You are attempting to run "setup" which requires administrative
privileges, but more information is needed in order to do so.
Password for root:<CTRL C>
Connection to localhost closed.
[root@igloo root]#
OK, the command runs properly! ...
... via sudo then I can disable the password request ...
Now test the other cases ... I do not want these to work ....
> >NO: ssh user@host cat /etc/passwd
[root@igloo root]# ssh sshuser@localhost cat /etc/passwd
sshuser@localhost's password:
/usr/local/bin/ssh.sh -c cat /etc/passwd
[root@igloo root]#
DOES NOT WORK! Good!
> >NO: scp user@host:/etc/passwd .
[root@igloo root]# scp sshuser@localhost:/etc/passwd .
sshuser@localhost's password:
/usr/local/bin/ssh.sh -c scp -f /etc/passwd
[root@igloo root]# ls passwd
ls: passwd: No such file or directory
[root@igloo root]#
DOES NOT WORK! Good!
> >NO: sftp user@host
[root@igloo root]# sftp sshuser@localhost
Connecting to localhost...
sshuser@localhost's password:
Received message too long 796226418
[root@igloo root]#
DOES NOT WORK!
That is all .... any suggestions?
Many thanks for your attention.
-- Dario Lesca <d.lesca@solinos.it>
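Added example, not part of the original message: a stricter variant of the login-shell wrapper shown above, which classifies what sshd passes to the shell ("-c <command>" for remote commands, scp and the sftp subsystem, as the echoed lines in the tests show) and refuses everything but an interactive login, writing only to stderr. It also decodes the sftp client's "Received message too long 796226418" to show that the number is the first four bytes of the wrapper's echo output. The function names and the sftp-server pattern are assumptions; /usr/bin/setup is taken from the post.

```shell
#!/bin/sh
# Added example (not the poster's script). Function names are hypothetical.
ALLOWED=/usr/bin/setup   # the single permitted program, as in the post

# sshd runs the login shell with no arguments for an interactive login and
# with "-c <command>" for "ssh host cmd", scp and the sftp subsystem.
classify_request() {
    if [ "$#" -eq 0 ]; then
        echo interactive
    elif [ "$1" = "-c" ]; then
        case "$2" in
            scp\ *)        echo scp ;;
            *sftp-server*) echo sftp ;;      # assumed subsystem binary name
            *)             echo command ;;
        esac
    else
        echo unknown
    fi
}

# The sftp client reads the first 4 bytes from the server as a big-endian
# packet length. Turn such a number back into the bytes that produced it.
sftp_len_to_text() {
    for s in 24 16 8 0; do
        printf "\\$(printf '%03o' $(( ($1 >> $s) & 255 )))"
    done
}

restricted_shell() {
    kind=$(classify_request "$@")
    if [ "$kind" != interactive ]; then
        # stderr only: stdout is parsed by scp/sftp as protocol data
        echo "restricted account: $kind request refused" >&2
        return 1
    fi
    DISPLAY=
    export DISPLAY
    exec "$ALLOWED"
}

# Installed as the account's login shell, the file would end with:
#   restricted_shell "$@"
```

Here 796226418 is 0x2F757372, the ASCII bytes "/usr" that begin the line the original wrapper echoes, so the sftp failure in the post comes from that stdout output rather than from an explicit refusal.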