Re: restricting ssh access

From: User1001 (supraexpress_at_globaleyes.net)
Date: 03/23/05 

Date: Tue, 22 Mar 2005 20:03:06 -0600

In Shell RC file for non-login account, add variable checks for SSH
connection; (Open)SSH sets certain environment variables when it
completes a login connection (eg; SSH_CLIENT, SSH_CONNECTION, SSH_TTY,
SSH_ORIGINAL_COMMAND for SCP). Make sure that SSH_ORIGINAL_COMMAND is set
to "scp" (or "sftp"). You might want to check on the "command string"
being passed and decided whether to execute it or not.

This can be tightened up more by using key-only-access where the
AUTHORIZED_KEYS file has additional (OpenSSH) parameters to limit PTY,
port forwarding, et cetera, and can even be used to invoke a specific
command (script) where further checking/restrictions can be implemented.

For OpenSSH - look at the MANual pages. For OpenSSH, SSH.COM (and
others?), look at the Secure Shell book from O'Reilley.

On Tue, 22 Mar 2005 19:04:52 +0000, Chuck wrote:

> Is there a way to prevent ssh access to a user account while still allowing
> sftp or scp file transfers? I don't want the user to be able to get a shell
> prompt or execute commands with ssh, but if they log in to the server using
> another account, I want them to be able to "su" to the restricted account
> and have full shell access. Is this possible, and if so how?

Relevant Pages

  • Re: How to execute commands on a server through a script on my computer?
    ... on the servers shell because i need some environment variables - I need ... You should also read your manual page for ssh, ...
    (comp.unix.shell)
  • Re: Great SWT Program
    ... of what an alias is and how to define it. ... graphical shell for some media types, and seems to be able to read the ... You do understand that environment variables defined in the way ... And I'd almost say that this *IS* clipboard support, in a way, ...
    (comp.lang.java.programmer)
  • Re: how to view environment variables
    ... Chris Whitehouse wrote: ... environment variables, eg UBLIO_BLOCKSIZE and others. ... want to see the variable in your shell, then you must tell the shell to set it ... setenv UBLIO_BLOCKSIZE 65536 ...
    (freebsd-questions)
  • Re: Environmental variables
    ... > talking about the environment variables used and/or set by a given shell ... Effectively the number of environment variables ... regardless of inheritance? ... DeeDee, don't press that button! ...
    (comp.unix.solaris)
  • Re: Environmental variables
    ... > talking about the environment variables used and/or set by a given shell ... Effectively the number of environment variables ... regardless of inheritance? ... DeeDee, don't press that button! ...
    (comp.sys.sun.admin)