Re: No shell scripts ...

From: Darren (dledmonds@nospam-btopenworld.com)
Date: 02/03/03

• Next message: Cameron Laird: "Re: PermitRootLogin=yes versus su"
• Previous message: Dimitri Maziuk: "Re: logging every sshd messages in a dedicated log-file"
• In reply to: Richard E. Silverman: "Re: No shell scripts ..."
• Next in thread: Richard E. Silverman: "Re: No shell scripts ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Darren <dledmonds@nospam-btopenworld.com>
Date: Mon, 03 Feb 2003 17:52:25 +0000

No, I don't want to say 'can log in', but perhaps 'can get a shell'
makes more sense. I want behaviour like sourceforge where you get a ssh
login to use with cvs, but if you do,

ssh cvs.sourceforge.net
it acknowloges your attempt then boots you out stating you are not
allowed a shell.

Thanks.

Richard E. Silverman wrote:
>>>>>>"DE" == Darren <dledmonds@nospam-btopenworld.com> writes:
>>>>>
>
> DE> How do I restrcit my ssh connections so that only root (or certain
> DE> users) get a shell script and others get kicked back out. I tried
> DE> creating /etc/nologin but that affects other logins as well as ssh
> DE> !
>
> What you want to say here is "can log in" instead of "get a shell script;"
> that phrase is meaningless.
>
> You did not say what version of SSH you're using. However, they all have
> this capability and it's documented. For OpenSSH, for instance:
>
> % man sshd_config
> ...
> AllowUsers
> This keyword can be followed by a list of user name patterns,
> separated by spaces. If specified, login is allowed only for
> users names that match one of the patterns. `*' and `'? can be
> used as wildcards in the patterns. Only user names are valid; a
> numerical user ID is not recognized. By default, login is
> allowed for all users. If the pattern takes the form USER@HOST
> then USER and HOST are separately checked, restricting logins to
> particular users from particular hosts.
> ...
>
> --
> Richard Silverman
> slade@shore.net

• Next message: Cameron Laird: "Re: PermitRootLogin=yes versus su"
• Previous message: Dimitri Maziuk: "Re: logging every sshd messages in a dedicated log-file"
• In reply to: Richard E. Silverman: "Re: No shell scripts ..."
• Next in thread: Richard E. Silverman: "Re: No shell scripts ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SFTP is not working ... When I try to use sftp or scp2, I get a message like this: ... sftp and scp2 both actually work by running ssh in a subprocess, ... The reason the shell startup files are relevant at all, ... (comp.security.ssh) Re: Did you hack into my UNIX server Bible Bob? ... But that's not a shell question. ... >> OSX users, should I be using ssh instead of telnet for security? ... OSX as a built in firewall tab. ... (comp.unix.shell) Re: using ssh to run remote commands? [ssh -T, scp/ssh flags] ... I use SSH to forward connections between an intranet server at home and my ... To do this, the user on the remote machine need not have a shell, either ... start a shell on the remote host, ... you can have ssh run a command instead of an interactive shell by ... (FreeBSD-Security) Re: UK Shell Provider ... http://templarshells.mine.nu Services include access to linux programs, ... "Access to the Templar Server is via Ssh (Secure Shell). ... (uk.telecom.broadband) Re: [fw-wiz] Best-of-breed Proxies (was Re: Proxy Firewalls ...) ... >> It used a chrooted sshd with private passwd/shadow files in the ... >> chroot jail. ... The login shell for the users in that private passwd ... >> config file to get a destination host, and execed an ssh client to ... (Firewall-Wizards)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint