Re: HowTo Disable execution of commands with ssh and scp/sftp
From: Dmitry Surovtsev (sd_at_buc.com.ua)
Date: 03/24/04
- Previous message: Burak Bilen: "Re: HowTo Disable execution of commands with ssh and scp/sftp"
- In reply to: Dario Lesca: "HowTo Disable execution of commands with ssh and scp/sftp"
Date: Wed, 24 Mar 2004 13:35:05 +0000
To: secureshell@securityfocus.com
Very nice, but I'd add the TRAP command at the beginning...
Dario Lesca wrote:
>Hi, I am not subscribed to the ML, but I have a simple question; if I must
>subscribe to the ML to post, I will do it.
>
>My question:
>
>How to allow only the execution of one procedure via ssh and disable the
>execution of any other command and the scp/sftp service?
>
>OK; ssh user@host
>NO: ssh user@host cat /etc/passwd
>NO: scp user@host:/etc/passwd /tmp
>NO: sftp user@host
>
>I have found this solution; is it a bad solution or not?
>
>The target (for example) is to assign to a remote generic user the
>possibility to run a single command (setup, or another), and only that
>one!
>
>[root@igloo root]# cat /usr/local/bin/ssh.sh
>#!/bin/bash
>echo $0 $*
>export DISPLAY=
>exec /usr/bin/setup
>[root@igloo root]# chmod 755 /usr/local/bin/ssh.sh
>[root@igloo root]# useradd -s /usr/local/bin/ssh.sh sshuser
>[root@igloo root]# passwd sshuser
>
>Now test all the methods
>
>>>OK; ssh user@host
>
>[root@igloo root]# ssh sshuser@localhost
>sshuser@localhost's password:
>/usr/local/bin/ssh.sh
>You are attempting to run "setup" which requires administrative
>privileges, but more information is needed in order to do so.
>Password for root:<CTRL C>
>Connection to localhost closed.
>[root@igloo root]#
>
>OK, the command runs properly! ...
>... via sudo then I can disable the password request ...
>
>Now test the other cases ... I do not want these to work ....
>
>>>NO: ssh user@host cat /etc/passwd
>
>[root@igloo root]# ssh sshuser@localhost cat /etc/passwd
>sshuser@localhost's password:
>/usr/local/bin/ssh.sh -c cat /etc/passwd
>[root@igloo root]#
>
>DOES NOT WORK! Good!
>
>>>NO: scp user@host:/etc/passwd .
>
>[root@igloo root]# scp sshuser@localhost:/etc/passwd .
>sshuser@localhost's password:
>/usr/local/bin/ssh.sh -c scp -f /etc/passwd
>[root@igloo root]# ls passwd
>ls: passwd: No such file or directory
>[root@igloo root]#
>
>DOES NOT WORK! Good!
>
>>>NO: sftp user@host
>
>[root@igloo root]# sftp sshuser@localhost
>Connecting to localhost...
>sshuser@localhost's password:
>Received message too long 796226418
>[root@igloo root]#
>
>DOES NOT WORK!
>
>This is all .... any suggestions?
>
>Many thanks for your attention.
>
>
>
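A version of the wrapper with the trap placed first, as the reply suggests, and with requests refused explicitly instead of falling through to setup. This is an added example, not code from either message; the function names, the syslog tag and the refusal text are assumptions, while /usr/bin/setup and the ssh.sh file name come from the thread.

```shell
#!/bin/sh
# Added example: hardened variant of the thread's /usr/local/bin/ssh.sh.
# Ignore keyboard signals first, so Ctrl-C, Ctrl-\ and Ctrl-Z cannot interrupt
# the wrapper part-way. Ignored signals stay ignored across exec, so the
# allowed program inherits this disposition as well.
trap '' INT QUIT TSTP

# The single permitted program (path taken from the thread).
ALLOWED_CMD=${ALLOWED_CMD:-/usr/bin/setup}

# classify_request ARGS...  prints "interactive" or "denied:<request>".
# sshd starts the login shell with no arguments for "ssh user@host" and as
# "<shell> -c <command>" for remote commands and scp, as the thread's output shows.
classify_request() {
    if [ "$#" -eq 0 ]; then
        echo "interactive"
    elif [ "$1" = "-c" ]; then
        shift
        printf 'denied:%s\n' "$*"
    else
        echo "denied:unexpected arguments"
    fi
}

restricted_main() {
    verdict=$(classify_request "$@")
    if [ "$verdict" = "interactive" ]; then
        # Fixed environment: nothing sent by the client should reach setup.
        PATH=/usr/bin:/bin
        export PATH
        unset DISPLAY
        exec "$ALLOWED_CMD"
    fi
    # Record the refusal ("restricted-ssh" is an assumed syslog tag).
    logger -t restricted-ssh "user=$(id -un) $verdict" 2>/dev/null || :
    # Refuse on stderr only: scp/sftp clients parse stdout as protocol data.
    # The thread's "Received message too long 796226418" is 0x2F757372, the
    # bytes "/usr" echoed by the original script and read as a packet length.
    echo "This account may only run $ALLOWED_CMD" >&2
    return 1
}

# Act as the login shell only when installed under the thread's file name.
case $0 in
    */ssh.sh) restricted_main "$@"; exit $? ;;
esac
```

Because the ignored signals are inherited by the exec'd program, Ctrl-C will not stop setup either; drop INT from the trap list if the user must be able to abort it.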