Enhancements.
From: Kevin P Tomlinson (Tomlinson_Kevin_P_at_cat.com)
Date: 10/01/04
- Previous message: Lissa Valletta: "scp encryption"
To: secureshell@securityfocus.com
Date: Fri, 1 Oct 2004 08:22:41 +0100
All,
Wanted to control 1000 users logging on to a Tru64 box without the need to
generate 1000 keys and use the force commands option.
We needed the users to log on to the box but did not want all of them to
be able to run commands. Checked the documentation for OpenSSH
and various other sources and could not find a way of controlling this
without keys.
Looked at the latest 3.9p1 source and made changes to session.c to
allow us to control this through the system sshrc file.
# sshrc
# SSH_SHELL_COMMAND - shell command the user is attempting to run. Not set
#                     if user is running interactive login.
# SSH_PARENT        - PID of the sshd connection process.
#
# These parameters are set with Kevin Tomlinson's patch to session.c
# Check to see if this user is running a command
if [ -n "${SSH_SHELL_COMMAND}" ]
then
    case "${SSH_SHELL_COMMAND}" in
        /bin/ls*) : ;;    # Allow ls commands
        *) echo "Security Violation. Session Terminated" >&2
           kill -15 "${SSH_PARENT}" ;;    # Don't allow commands
    esac
fi
exit 0
Not sure where to post this patch or if it's of any use to anyone else but
would like to share.
Thanks
Kevin Tomlinson
UNIX Enterprise Consultant
RHCE - RedHat Certified Engineer.
HCE - Hewlett Packard Certified Engineer.
Solaris - Certified Administrator, Certified Network Administrator,
Certified Security Administrator.
ktomlinson@scarpgold.co.uk
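
Added example (not part of the original post or of OpenSSH): the /bin/ls*) glob in the posted sshrc also accepts any string that merely starts with /bin/ls, such as a different binary name or a command with a separator appended. The sketch below compares that glob with a stricter allow-list check; SSH_SHELL_COMMAND is the variable set by the poster's patch, and the function names and sample request strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's code. SSH_SHELL_COMMAND is the variable
# exported by the poster's session.c patch; function names are hypothetical.

# The check as posted: a prefix glob on the requested command string.
glob_allowed() {
    case $1 in
        /bin/ls*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Stricter check: refuse shell metacharacters and newlines first, then
# require exactly /bin/ls, optionally followed by a space and arguments.
NL='
'
command_allowed() {
    case $1 in
        *"$NL"*|*';'*|*'&'*|*'|'*|*'`'*|*'$'*|*'<'*|*'>'*|*'('*|*')'*|*'\'*)
            return 1 ;;
    esac
    case $1 in
        /bin/ls|"/bin/ls "*) return 0 ;;
        *)                   return 1 ;;
    esac
}

# Print both verdicts for a few constructed request strings.
report() {
    while IFS= read -r cmd; do
        if glob_allowed "$cmd"; then g=allow; else g=deny; fi
        if command_allowed "$cmd"; then s=allow; else s=deny; fi
        printf '%-18s glob=%-5s strict=%s\n' "$cmd" "$g" "$s"
    done <<'EOF'
/bin/ls
/bin/ls -l /tmp
/bin/lsof -i
/bin/ls; id
/usr/bin/id
EOF
}
report
```

In the sshrc itself, the case statement would become `if ! command_allowed "${SSH_SHELL_COMMAND}"; then ... kill -15 "${SSH_PARENT}"; fi`.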