Re: HowTo Disable execution of commands with ssh and scp/sftp
From: Burak Bilen (bilen_at_metu.edu.tr)
Date: 03/24/04
- Previous message: Markus Karg: "How To Limit SFTP client's access?"
- In reply to: Dario Lesca: "HowTo Disable execution of commands with ssh and scp/sftp"
- Next in thread: Dmitry Surovtsev: "Re: HowTo Disable execution of commands with ssh and scp/sftp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Mar 2004 09:56:30 +0200
To: Dario Lesca <d.lesca@solinos.it>
You can use rbash (restricted bash) and allow users to run only the
commands that you let them use.
To disable sftp you can comment out the following line in sshd2_config:
# subsystem-sftp sftp-server
Dario Lesca wrote:
>Hi, I am not subscribed to the ML, but I have a simple question; if I must
>subscribe to the ML to post, I will do it.
>
>My question:
>
>How do I allow only the execution of one procedure via ssh and disable the
>execution of any other command and the scp/sftp service?
>
>OK: ssh user@host
>NO: ssh user@host cat /etc/passwd
>NO: scp user@host:/etc/passwd /tmp
>NO: sftp user@host
>
>I have found this solution; is it a bad solution or not?
>
>The target (for example) is to assign to a generic remote user the
>possibility to run a single command (setup, or another), and only that
>one!
>
>[root@igloo root]# cat /usr/local/bin/ssh.sh
>#!/bin/bash
>echo $0 $*
>export DISPLAY=
>exec /usr/bin/setup
>[root@igloo root]# chmod 755 /usr/local/bin/ssh.sh
>[root@igloo root]# useradd -s /usr/local/bin/ssh.sh sshuser
>[root@igloo root]# passwd sshuser
>
>Now test all the methods
>
>>>OK: ssh user@host
>
>[root@igloo root]# ssh sshuser@localhost
>sshuser@localhost's password:
>/usr/local/bin/ssh.sh
>You are attempting to run "setup" which requires administrative
>privileges, but more information is needed in order to do so.
>Password for root:<CTRL C>
>Connection to localhost closed.
>[root@igloo root]#
>
>OK, the command runs properly! ...
>... via sudo then I can disable the password request ...
>
>Now test the other cases ... I do not want these to work ....
>
>>>NO: ssh user@host cat /etc/passwd
>
>[root@igloo root]# ssh sshuser@localhost cat /etc/passwd
>sshuser@localhost's password:
>/usr/local/bin/ssh.sh -c cat /etc/passwd
>[root@igloo root]#
>
>DOES NOT WORK! Good!
>
>>>NO: scp user@host:/etc/passwd .
>
>[root@igloo root]# scp sshuser@localhost:/etc/passwd .
>sshuser@localhost's password:
>/usr/local/bin/ssh.sh -c scp -f /etc/passwd
>[root@igloo root]# ls passwd
>ls: passwd: No such file or directory
>[root@igloo root]#
>
>DOES NOT WORK! Good!
>
>>>NO: sftp user@host
>
>[root@igloo root]# sftp sshuser@localhost
>Connecting to localhost...
>sshuser@localhost's password:
>Received message too long 796226418
>[root@igloo root]#
>
>DOES NOT WORK!
>
>This is all .... any suggestions?
>
>Many thanks for your attention.
>
>
>
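An added example, not part of either message: a POSIX shell classifier for the way sshd invokes a login-shell wrapper like the one quoted above, plus a decoder for the length the sftp client reported. The function names and the sftp-server path are assumptions; /usr/bin/setup and the number 796226418 come from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# sshd runs the account's login shell with no arguments for a plain login and
# as "<shell> -c '<request>'" for a remote command or scp (the "-c ..." lines
# echoed in the transcript); the sftp subsystem is requested the same way.
classify_invocation() {
    if [ "$#" -eq 0 ]; then
        echo "run"                    # ssh user@host: start the one allowed program
        return
    fi
    if [ "$1" != "-c" ]; then
        echo "deny:unexpected"        # any other argument form is refused
        return
    fi
    first=${2%% *}                    # first word of the requested command line
    case "${first##*/}" in            # compare on the basename only
        scp)         echo "deny:scp" ;;
        sftp-server) echo "deny:sftp" ;;
        *)           echo "deny:command" ;;
    esac
}

# An sftp client reads the first 4 bytes sent by the server side as a
# big-endian packet length. Turn a reported length back into those 4 bytes.
# (NUL or newline bytes would be lost in the command substitution.)
len_to_text() {
    n=$1
    out=
    for s in 24 16 8 0; do
        b=$(( (n >> s) & 255 ))
        out="$out$(printf "\\$(printf '%03o' "$b")")"
    done
    printf '%s\n' "$out"
}

# Constructed sample requests mirroring the four tests in the post; the
# sftp-server path is an assumed location.
for req in "" "cat /etc/passwd" "scp -f /etc/passwd" "/usr/libexec/openssh/sftp-server"; do
    if [ -z "$req" ]; then
        printf '%-40s -> %s\n' "(interactive login)" "$(classify_invocation)"
    else
        printf '%-40s -> %s\n' "-c $req" "$(classify_invocation -c "$req")"
    fi
done
printf 'sftp length 796226418 decodes to: %s\n' "$(len_to_text 796226418)"
```

The decoded length is the first four characters of the wrapper's own `echo $0 $*` output, which the sftp client read as a packet header. A wrapper built on this classification would exec /usr/bin/setup only for "run" and send refusals to stderr or syslog, keeping stdout silent.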