[clug] Wanted: Developer to securely implement a restricted SSH shell

Brett Worth brett at worth.id.au
Mon Jan 4 16:02:27 MST 2010

On 01/05/2010 09:38 AM, Nathan O'Sullivan wrote:

> From my testing, the command="$COMMAND" from ~/.ssh/authorized_keys is
> simply passed to the user's login shell as command arguments "-c
> $COMMAND" which the user's login shell can do with as it pleases.
> Obviously /bin/bash just runs the command; you can see in my custom
> shell on http://www.mammothmedia.com.au/~nats/restricted-shell-job.txt
> that I refuse to do anything if there are command line arguments
> (tested with *$# -ne 0*).
> The authorized_keys setting overrides the command (if any) from running
> "ssh user at host $COMMAND" but other than that, isn't special in any way
> and to me, would appear to be vulnerable to the same class of attacks as
> writing a custom shell.

Except that the exact command that's run along with its arguments is contained in the
authorized_keys file.  Once the command is run the stdin/out/err are connected to the
client.  The client doesn't get to specify any arguments.

I'm just not sure what class of attack you're talking about.

BTW the client ssh command probably needs the "-t" to get a pty.
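As an added illustration of the mechanism both posters describe (this is example code, not Nathan's script from the link above and not part of the original thread): sshd runs the authorized_keys command= target through the user's login shell with no client-supplied arguments, and places whatever the client asked for in the SSH_ORIGINAL_COMMAND environment variable. A wrapper can therefore refuse any arguments, as the thread's `$# -ne 0` check does, and additionally allowlist the requested command by exact name so that nothing from the client is ever handed to a shell. The install path /usr/local/bin/forced-cmd, the allowed names `date` and `backup-status`, and the status file path are assumptions for the example.

```sh
#!/bin/sh
# Added example: a forced-command wrapper for an authorized_keys entry.
# Assumed installation (key material and path are placeholders):
#   command="/usr/local/bin/forced-cmd",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA...PLACEHOLDER... comment
# sshd runs `$SHELL -c /usr/local/bin/forced-cmd` with no arguments and
# exports the client's requested command, if any, as SSH_ORIGINAL_COMMAND.

# Return 0 if the requested command is on the allowlist, 1 otherwise.
# Only exact, argument-free names are accepted, so shell metacharacters
# in the request never reach a shell.
allowed_command() {
    case "$1" in
        date|backup-status) return 0 ;;
        *) return 1 ;;
    esac
}

# Map an allowed request name to what is actually executed.
run_allowed() {
    case "$1" in
        date) date ;;
        backup-status) cat /var/lib/backup/status ;;   # assumed path
    esac
}

# Decide what to do with the client's request (empty means the client
# asked for an interactive shell, which a forced command should refuse).
dispatch() {
    req="$1"
    if [ -z "$req" ]; then
        echo "forced-cmd: interactive shells are not permitted" >&2
        return 1
    fi
    if ! allowed_command "$req"; then
        echo "forced-cmd: command not permitted" >&2
        return 1
    fi
    run_allowed "$req"
}

main() {
    # Mirror the thread's check: refuse outright if anything was passed as
    # an argument, which sshd itself never does for a command= entry.
    if [ "$#" -ne 0 ]; then
        echo "forced-cmd: arguments are not accepted" >&2
        exit 1
    fi
    dispatch "${SSH_ORIGINAL_COMMAND:-}"
}

# Only run the dispatcher when executed under the installed name, so the
# functions above can also be sourced for testing.
case "${0##*/}" in
    forced-cmd) main "$@" ;;
esac
```

Because sshd still invokes the wrapper through the login shell, the no-pty and no-*-forwarding options on the key line do the rest of the restriction; the wrapper only decides which of a fixed set of commands runs.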

