[clug] Wanted: Developer to securely implement a restricted SSH shell

Hal Ashburner hal.ashburner at gmail.com
Sun Jan 3 23:28:15 MST 2010


On 04/01/10 17:24, Steven Hanley wrote:
> On Mon, Jan 04, 2010 at 05:21:10PM +1100, Michael Still wrote:
>    
>> Nathan O'Sullivan wrote:
>>      
>>> If you or your company do this kind of work, please mail me off-list. I
>>> am happy to discuss someone working on this after hours and would love
>>> to put a bit of cash into the pockets of a list member.
>>>
>>> Or if you can recommend someone that would be excellent too.
>>>
>>>
>>> I've posted the requirements off list, but to summarise: I need a way
>>> to let customers access their Xen domU console ("xm console $DOMAIN")
>>> over SSH, while doing our utmost to prevent the customer from doing
>>> anything else on the dom0.
>>>
>>> Further description and a naive implementation is available at
>>> http://www.mammothmedia.com.au/~nats/restricted-shell-job.txt
>>>        
>> Are you thinking of implementing a restricted shell and using openssh,
>> or a custom ssh server?
>>      
> Bob has some code in the svn repository here that does a restricted ssh job
> for students submitting assignments with elevated privileges on a different
> server, he may be able to help you out with that if you have a look at how
> it works.
>
>    
Can't this be done simply by replacing /bin/sh in /etc/passwd with
/path/to/some/binary that execs xm console $DOMAIN for given domU logins?
What am I missing here?