On 2000-04-18, "Charles Leeds" <[EMAIL PROTECTED]> wrote:

> At our company most users telnet in and get a menu which they cannot
> break out of. If I add them to the AllowUsers line of the sshd_config
> then they can ssh in. Now their password is not sniffable, but they
> can execute commands, such as xterm, using ssh.
> Is there a way to force ssh to allow a user to _only_ be able to log in
> with ssh, and _not_ be able to scp or execute commands with ssh? Or
> will I need to edit the source to do this?

There are a number of ways. Off the top of my head:

One way would be to set up the menu as the user's shell. Attempts to
remotely execute commands, scp, etc. result in sshd passing command lines
to the user's shell as if it were sh, bash, etc. If you have the source
for your menu program you can modify it to explicitly recognize when it's
being called this way (usually -c foo bar ...) and react accordingly.

Another would be to have the users use RSA keys only (not passwords --
set them to *'s and/or disable passwd authing in sshd_config), create a
~/.ssh/authorized_keys file for each user that they cannot modify, and
put a command="/path/to/menu/program" option in the key along with
no-*-forwarding, etc. This will cause that command to be "forced"
whenever a user logs in with that key (man ssh and sshd for more).

Setting the permissions up right probably includes something like:

  # assume user 'joeuser' who has a group named 'joeuser' as well
  chown root.joeuser /home/joeuser
  chmod 1770 /home/joeuser       # or mode 1710 if you are a bofh
  chown root.joeuser /home/joeuser/.ssh
  chmod 1770 /home/joeuser/.ssh  # or mode 1710 if you are a bofh
  chown root.joeuser /home/joeuser/.ssh/authorized_keys
  chmod 640 /home/joeuser/.ssh/authorized_keys

Either of these, BTW, should be safer if done right than launching stuff
in .profile (which is often race-sensitive to simple things like ^C's).

--
Hank Leininger <[EMAIL PROTECTED]>
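Added example, not part of the original message: a wrapper that serves both approaches described above, either as the user's login shell (refusing the -c invocation sshd uses for remote commands and scp) or as the command="..." target in authorized_keys (refusing sessions where sshd has set SSH_ORIGINAL_COMMAND). The installed name menu-shell, the MENU_PROGRAM variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrapper usable as a login shell or as a forced command.
# MENU_PROGRAM and the installed name "menu-shell" are assumptions.
MENU_PROGRAM="${MENU_PROGRAM:-/path/to/menu/program}"

# Decide what to do with one invocation.
#   $1      value of SSH_ORIGINAL_COMMAND (may be empty)
#   $2...   the arguments this wrapper was started with
# Prints "menu" for a plain interactive login, "reject" otherwise.
classify_invocation() {
    original_command=$1
    shift
    # Forced-command case: sshd exports the command the client asked
    # for (scp, xterm, ...) in SSH_ORIGINAL_COMMAND.
    if [ -n "$original_command" ]; then
        echo reject
        return
    fi
    # Login-shell case: sshd runs "<shell> -c '<command>'" for remote
    # commands and scp; an interactive login passes no arguments.
    if [ "$#" -gt 0 ]; then
        echo reject
        return
    fi
    echo menu
}

menu_shell_main() {
    decision=$(classify_invocation "${SSH_ORIGINAL_COMMAND:-}" "$@")
    if [ "$decision" = menu ]; then
        # exec replaces the wrapper, so no shell is left behind the menu.
        exec "$MENU_PROGRAM"
    fi
    echo "Only the interactive menu is available on this account." >&2
    exit 1
}

# Run only when installed under the assumed name, so the functions can
# be sourced and checked without starting the menu.
case "${0##*/}" in
    menu-shell) menu_shell_main "$@" ;;
esac
```
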