Hello, I would like to ask experienced users, how they solve security topics on their x2go servers.
I have the server where users are allowed to start only very a limited set of commands through ssh. I am using sshd_config option ForceCommand which allows to start only /usr/local/bin/check_ssh_cmd where I test SSH_ORIGINAL_COMMAND. Everything works fine so far. Now I need to allow users to start also some commands through x2goclient. The problem is that in order x2go to work I need to allow also every single command which is sent by x2goclient. I tried to track what is being sent and there are a lot of commands like 'sh -c "echo X2GODATABEGIN: ... echo X2GODATAEND"'. So the question is, how to write the rules in check_ssh_cmd wrapper script. If I would allow any command containing X2GODATABEGIN and X2GODATAEND, it would probably work, but my security setup of ssh would be broken, because somebody who knows, how x2go internally works, could sent his own commands wrapped in X2GODATABEGIN and X2GODATAEND. What would you recommend? Any sugestions are appreciated. Pavel _______________________________________________ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
