[clug] Wanted: Developer to securely implement a restricted SSH shell
Nathan O'Sullivan
nathan at mammoth.com.au
Mon Jan 4 16:34:55 MST 2010
On 05/01/10 10:28, Andrew Janke wrote:
>> If you look at my custom shell
>> http://www.mammothmedia.com.au/~nats/restricted-shell-job.txt
>> I refuse to run with any command line arguments, so specifying
>> command="anything" just causes my shell to exit.
>>
>> I think I prefer that solution, since it means I can let the user just
>> directly edit their authorized_keys file instead of having to parse/build it
>> for them.
>>
> Well if you are paranoid, you could start of by replacing:
>
> #!/bin/bash
>
> with
>
> #!/bin/rbash
>
>
I think it may be worth going to C/python/perl for this reason, to
further restrict potential mischief.
More information about the linux
mailing list