Re: ssh restrictions (/etc/ssh_config)
- From: Martin Simovic <msimovic@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Sep 2007 16:56:14 +0100
On Thu, 2007-09-20 at 08:30 -0400, Greg Wooledge wrote:
> On Wed, Sep 19, 2007 at 09:39:56AM +0200, Rainer Peter Feller wrote:
> > On Tue, 2007-09-18 at 12:19 +0100, Martin Simovic wrote:
> > > is there a way to restrict commands passed to ssh (client) to override
> > > command line options
> >
> > So I made a patch by myself, which I also update with every new release
> > For the Patch to openssh-4.7p1 see attachment
> > The name of the not overridable configfile is ssh_config_p
>
> What prevents people from bypassing this by using an unpatched client?

this is meant to run in a gateway (login system to external/internal
networks) which is running restricted shell. the only commands available
on the system are ssh and exit.
while with unpatched client user could do:
    ssh -o PermitLocalCommand=yes somesystem.com
then on remote system ~~C
    !/bin/bash
and they have unrestricted shell on a gateway! (even if /bin/bash is not
on their $PATH originally)
martin.
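
A different way to pin the client options on such a gateway without patching the client, shown as an added example that is not part of the original message or of the attached patch: a wrapper that allowlists the ssh arguments. The function names `gw_ssh_args_ok` and `gw_ssh` and the path `/usr/bin/ssh` are assumptions.

```shell
#!/bin/sh
# Added example: argument allowlist for a gateway ssh wrapper (hypothetical
# names gw_ssh_args_ok / gw_ssh; not the ssh_config_p patch from the thread).

# Return 0 only for: [-p PORT] [-l USER] [USER@]HOST, nothing else.
gw_ssh_args_ok() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -p) # port must be all digits
                [ "$#" -ge 2 ] || return 1
                case "$2" in ''|*[!0-9]*) return 1 ;; esac
                shift 2 ;;
            -l) # login name: conservative character set, no leading '-'
                [ "$#" -ge 2 ] || return 1
                case "$2" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
                shift 2 ;;
            -*) # every other option is refused: -o, -F, -e, -J, -L, ...
                return 1 ;;
            *)  break ;;
        esac
    done
    # Exactly one positional argument: the destination. No remote command.
    [ "$#" -eq 1 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Wrapper the restricted shell would expose instead of the real binary.
# /usr/bin/ssh is an assumed path.
gw_ssh() {
    if ! gw_ssh_args_ok "$@"; then
        echo "gw_ssh: option not permitted on this gateway" >&2
        return 2
    fi
    # Site-enforced settings go first: ssh keeps the first value it obtains
    # for each parameter, so these win over ssh_config.
    exec /usr/bin/ssh -o PermitLocalCommand=no -o EscapeChar=none "$@"
}
```

The wrapper only helps if it is the sole ssh entry on the restricted shell's $PATH and the real binary cannot be invoked by path.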