Whatever your dummy shell is written in, make sure it catches all the
signals and does something you want (when it receives a signal).
In Bourne shell, something like this:

    trap "exit 0" 1 2 3 4 5 11 15

Tin Le
----
Net Images - Premier Web Presence Provider http://www.netimages.com/~tin
Internet Security and Firewall Consulting
Tin Le - [EMAIL PROTECTED]
On Wed, 21 Jul 1999, Guan Sin Ong wrote:
> We have set up a remote server at the other corner of the Net to allow
> our staff to log into the machine using ssh, set up a tunnel, and then
> forward all their connections through the tunnel securely. We do not
> want to allow login shell access to the system. So basically what we do
> is to have a dummy shell for each of the logins. The dummy shell is
> simply a program doing nothing other than sleep() system call for many
> many seconds. That way logging in is fine but no access to the system.
>
> Would appreciate if anyone can point out any security concerns with such
> a setup. I am especially concerned if there are ways to break out of the
> dummy shell (in which case I assume the ssh connection will be dropped)
> or anything I don't know to compromise it.
>
> thanx
>
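
An added example, not part of the original thread: a Bourne shell dummy login shell built around the trap line in the reply. The install name tunnelsh, the DUMMY_HOLD variable and the explicit refusal of `-c` (the form in which sshd hands a remote command to the login shell) are assumptions of this example.

```sh
#!/bin/sh
# Added example: dummy login shell for tunnel-only ssh accounts.
# Assumed install name: tunnelsh (hypothetical), set as the account's shell.

# Signal numbers from the trap line in the reply above:
# HUP INT QUIT ILL TRAP SEGV TERM.
SIGNALS="1 2 3 4 5 11 15"
sleeper=

stop_sleeper() {
    # Kill the background sleep if it is still running; never fail.
    [ -z "$sleeper" ] || kill "$sleeper" 2>/dev/null || true
}

dummy_shell() {
    # DUMMY_HOLD (assumed knob): seconds to hold the session, default one day.
    hold=${DUMMY_HOLD:-86400}
    # On any listed signal, clean up and end the session with status 0.
    trap 'stop_sleeper; exit 0' $SIGNALS
    # sshd runs remote commands as "<shell> -c <command>"; run nothing.
    if [ "${1:-}" = "-c" ]; then
        echo "port forwarding only; no commands are run" >&2
        return 1
    fi
    # A foreground sleep would delay the trap until sleep itself ends,
    # so sleep in the background and block in wait, which a trapped
    # signal interrupts at once.
    sleep "$hold" &
    sleeper=$!
    wait "$sleeper" || true
    stop_sleeper
    return 0
}

# Run only when installed under the assumed name, so the file can also be
# sourced (for testing) without starting the long sleep.
case "$0" in
    *tunnelsh) dummy_shell "$@"; exit $? ;;
esac
```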