I do in sshd_config
Match User myuser
ForceCommand tail -f /home/myuser/1
$ cat /home/t/1
·······························································
hellooo
2014-02-17 16:59 GMT+02:00, Raimo Niskanen <[email protected]>:
> On Mon, Feb 17, 2014 at 02:21:45PM +0000, Richard Heasman wrote:
>> Good afternoon,
>>
>> Firstly, thanks for your ongoing development and good work.
>>
>> I have a question that I would like to pose to you, as I have not found
>> any satisfactory answer despite long research.
>>
>> Background:
>> We use ssh keys to distribute code and run commands. These are
>> appropriately controlled and logged. However I wish to stop
>> users/administrators using these as a back-door to the other systems. I
>> have configured the "notty" option on the authorised_keys file, yet this
>> still does not prevent the following:
>>
>> ssh SERVER ksh
>>
>> This will not return a prompt but will allow commands to be run
>> interactively.
>>
>> Do you have any recommendation / setting that would prevent this?
>
> It seems you have to disallow the use of any command over ssh.
>
> One way is to force the command via authorized_keys (see sshd(8))
> into a trusted program, e.g /bin/sh or /bin/ksh in restricted mode
> and then limit that restricted shell's command set.
>
>>
>> Regards,
>>
>> Richard
>> Registered Office: Inveralmond House 200 Dunkeld Road Perth PH1 3AQ
>> Registered in Scotland No. SC117119
>> www.sse.com
>>
>> **********************************************************************
>
> --
>
> / Raimo Niskanen, Erlang/OTP, Ericsson AB
