On Wed, 21 Jul 1999, Guan Sin Ong wrote:
> We have set up a remote server at the other corner of the Net to allow
> our staff log into the machine using ssh, set up a tunnel, and then
> forward all their connections through the tunnel securely. We do not
> want to allow login shell access to the system. So basically what we do
> is to have a dummy shell for each of the logins. The dummy shell is
> simply a program doing nothing other than sleep() system call for many
> many seconds. That way logging in is fine but no access to the system.
>
> Would appreciate if anyone can point out any security concerns with such
> setup. I am especially concerned if there are ways to break out of the
> dummy shell (in which case I assume the ssh connection will be dropped)
> or anything I don't know to compromise it.
Well, user could have ssh execute a command when they login, and perhaps
even run a shell. Eg,
ssh -L ... -l somebody some.server.com /bin/sh
And then he still gets a sh shell.
Regards,
.lzs
