[clug] Wanted: Developer to securely implement a restricted SSH shell
Nathan O'Sullivan
nathan at mammoth.com.au
Mon Jan 4 15:38:29 MST 2010
On 04/01/10 19:33, Andrew Janke wrote:
>>> I was thinking a custom shell with openssh;
>>>
>> Inside the authorized_keys file you can specify a command to be run when a given key is
>> used. You could generate a set of key pairs for each xm console command required. Or if
>> a specific user needs access to a specific xm console then you just use the user's public
>> key with the appropriate command= entry.
>>
>> Look for AUTHORIZED_KEYS FILE FORMAT in the sshd man page.
>>
> Beat me to it! :) This is exactly what crossed my mind when I first
> read this. I do this as such for a rsync via a (passwordless) key for
> example:
>
> mavis:.ssh$ cat authorized_keys
> command="~/bin/vrsync.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
> ssh-dss<AAAABBASDasdfff234af... rest of key...>
>
>
From my testing, the command="$COMMAND" from ~/.ssh/authorized_keys is
simply passed to the user's login shell as command arguments "-c
$COMMAND" which the user's login shell can do with as it pleases.
Obviously /bin/bash just runs the command; you can see in my custom
shell on http://www.mammothmedia.com.au/~nats/restricted-shell-job.txt
that I refuse to do anything if there are command line arguments
(tested with *$# -ne 0*).
The authorized_keys setting overrides the command (if any) from running
"ssh user@host $COMMAND" but other than that, isn't special in any way
and to me, would appear to be vulnerable to the same class of attacks as
writing a custom shell.
Regards
Nathan
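
Added example (not part of the original message or of the restricted shell linked in it): validation logic for a script named in a command="..." entry, which reads the client's requested command from sshd's SSH_ORIGINAL_COMMAND variable and accepts only an allowlisted request. The guest names, the `console <name>` request syntax and the function names are assumptions; as the message notes, this only holds if the account's login shell actually runs the forced command it is handed via -c.

```shell
#!/bin/sh
# Added example: decision logic for a forced-command wrapper.
# Assumptions: guest names below are constructed; requests look like
# "console <name>"; sshd exports the client's command as SSH_ORIGINAL_COMMAND.
ALLOWED_DOMAINS="vm-alpha vm-beta"

# Print the validated guest name for a request string, or return 1.
validate_request() {
    req=$1
    # Word-split with globbing disabled so '*' or '?' is never expanded.
    set -f; set -- $req; set +f
    # Exactly two words: the verb and one guest name. Anything extra
    # (a second command, options, redirections) changes the word count.
    [ "$#" -eq 2 ] && [ "$1" = console ] || return 1
    # Defence in depth: the name may contain only these characters.
    case $2 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    # Exact match against the allowlist; the request is never eval'd.
    for d in $ALLOWED_DOMAINS; do
        if [ "$d" = "$2" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Report the decision. A deployed wrapper would run: exec xm console "$dom"
# with the validated name as a single argument instead of printing it.
handle_request() {
    dom=$(validate_request "$1") || { echo "DENY"; return 1; }
    echo "ALLOW xm console $dom"
}

# Constructed sample requests, as they might arrive in SSH_ORIGINAL_COMMAND.
for r in 'console vm-alpha' 'console vm-gamma' 'console vm-beta; id' ''; do
    printf '%-24s -> ' "[$r]"
    handle_request "$r" || true
done
```

The empty request is the case where the client ran plain "ssh user@host" with no command; it is denied here rather than falling through to an interactive session.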