On Thu, 2007-09-20 at 08:30 -0400, Greg Wooledge wrote:
> On Wed, Sep 19, 2007 at 09:39:56AM +0200, Rainer Peter Feller wrote:
> > On Tue, 2007-09-18 at 12:19 +0100, Martin Simovic wrote:
> > > is there a way to restrict commands passed to ssh (client) to override
> > > command line options
> > So I made a patch by myself, which I also update with every new release
> > For the Patch to openssh-4.7p1 see attachment
> > The name of the not overridable configfile is ssh_config_p
>
> What prevents people from bypassing this by using an unpatched client?

this is meant to run in a gateway (login system to external/internal networks) which is running restricted shell. the only commands available on the system are ssh and exit.

while with unpatched client user could do:

ssh -p PermitLocalCommand=yes somesystem.com

then on remote system

~~C
!/bin/bash

and they have unrestricted shell on a gateway! (even if /bin/bash is not on their $PATH originally)

martin.
