[scponly] scponly and arbitrary commands

Alan Evans alanwevans at gmail.com
Tue Sep 7 14:18:02 EDT 2010


I have a need to restrict users to SCP/SFTP only and there is one case I am
having trouble telling if scponly will address.

Does scponly prevent arbitrary command execution?

Assume in the following examples that 'host' has the scponly package
installed on it and the account 'user' has a shell of /usr/bin/scponly.

ssh user@host <command>
ssh user@host <full path to command>

Examples
ssh user@host ls
ssh user@host /bin/ls
ssh user@host /bin/cat /path/to/some/file

Most importantly, does it prevent alternate shells?

ssh -t user@host /bin/bash
ssh -t user@host /bin/ksh

I would think scponly is unable to prevent this case as the shell is called
by sshd after looking up a user's shell.  My own limited testing so far
seems to confirm this but I would like to get the list's thoughts.

Regards,
-Alan