I have a feeling that might not be very robust if you're allowing sftp or scp to anywhere a user normally has access to - a user could then download their own authorized_keys file, edit it to give themselves shell access, and then upload it.
Another option might be to use the Match option in OpenSSH 4.4. I haven't had a chance to play around with 4.4 yet, so please experiment with this. But, something like

    Match User restricted-user
        ForceCommand /usr/libexec/sftp-server

The advantage here is, you do this once to /etc/sshd_config - the file you're editing is not under a user's control, unlike their authorized_keys file. You'd probably need to add other options in there, disabling port forwarding and such...

I have one concern with the above - the forced command is executed with the user's shell, with the -c option. If I'm not mistaken, this will prevent bash from reading any scripts that could be under the user's control. But you'd have to carefully examine the man page for every shell in /etc/shells, and ferret out ways a user might run commands. Maybe either remove shells from /etc/shells, or prevent users from changing their shells altogether.

For example, on my OS X system, tcsh still runs the user's ~/.tcshrc, even when run with a -c option. Although I wasn't able to try it with ssh & ForceCommand.

Perhaps someone else on the list has more complete knowledge of this?

Regards
Mark

On 11/14/06, Greg Bell <[EMAIL PROTECTED]> wrote:
> ssh lets you restrict the command a user is allowed to run in the authorized_keys file. mostly unknown feature but very handy.
>
> i have found this useful for allowing users to do just one or two things (eg. rsync a particular dir).
>
> see http://www.hackinglinuxexposed.com/articles/20030109.html
>
> ~gb
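
Added example, not part of the original thread: a check for the point raised above that a Match/ForceCommand block also needs forwarding disabled. It reads sshd_config text and reports Match blocks that set ForceCommand while AllowTcpForwarding or X11Forwarding is still effectively on. The sample config and the backup-user name are constructed, and overlapping Match blocks are not modelled.

```python
# Added example: audit sshd_config text for Match blocks that force a command
# but still leave forwarding enabled. Not code from the thread or from OpenSSH.
DEFAULTS = {"allowtcpforwarding": "yes", "x11forwarding": "no"}  # OpenSSH defaults

SAMPLE_CONFIG = """\
# constructed sample config, for illustration only
X11Forwarding yes

Match User restricted-user
    ForceCommand /usr/libexec/sftp-server

Match User backup-user
    ForceCommand /usr/libexec/sftp-server
    AllowTcpForwarding no
    X11Forwarding no
"""

def parse(config_text):
    """Return (global_settings, [(match_criteria, settings), ...])."""
    global_settings, blocks = {}, []
    current = global_settings
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}                    # block runs until next Match or EOF
            blocks.append((value, current))
        else:
            current.setdefault(key, value)  # sshd keeps the first value it sees
    return global_settings, blocks

def audit(config_text):
    """Map each ForceCommand Match block to forwarding options still enabled."""
    global_settings, blocks = parse(config_text)
    findings = {}
    for criteria, settings in blocks:
        if "forcecommand" not in settings:
            continue
        # Match-block values override globals, which override built-in defaults.
        effective = {**DEFAULTS, **global_settings, **settings}
        enabled = [k for k in DEFAULTS if effective[k].lower() != "no"]
        if enabled:
            findings[criteria] = enabled
    return findings

if __name__ == "__main__":
    for criteria, enabled in audit(SAMPLE_CONFIG).items():
        print(f"Match {criteria}: still enabled -> {', '.join(enabled)}")
```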