[clug] Wanted: Developer to securely implement a restricted SSH shell

Nathan O'Sullivan nathan at mammoth.com.au
Mon Jan 4 16:48:28 MST 2010

>> Well if you are paranoid, you could start of by replacing:
>>     #!/bin/bash
>> with
>>     #!/bin/rbash
> I think it may be worth going to C/python/perl for this reason, to 
> further restrict potential mischief.

And thinking about it more, given that the .ssh/authorized_keys will be 
written by our website it probably makes sense if customer's home 
directory is not even writable (by the customer). Doing that should 
eliminate a bunch of potential dot-file attacks.

More information about the linux mailing list