SSH user ID 0 can always circumvent.
It's impossible. Adrian From: Mike Jumper [mailto:[email protected]] Sent: 26 November 2021 10:06 To: [email protected] Subject: Re: Block certain commands for SSH On Fri, Nov 26, 2021, 01:52 Yang Yang <[email protected]<mailto:[email protected]>> wrote: Hello, Is it possible to set a list of commands that will be blocked when any user types in for SSH connection? This will be useful to protect the server from dangerous command such as “rm -rf /“. If the feature is not yet available, is it possible with guacamole? If I can get some time to have a try, should it be implemented with guacamole client or server (guacd)? No, this is not possible for any SSH client: Keep in mind that when you use SSH, you are not sending commands but keystrokes. There is no way to know that a user's keystrokes are due to the user running a command, typing documentation about that command, or messaging their friend who happens to be named "rm -rf /". The only way to reliably block anything like this would be on the SSH server, within the shell interpreting the command. Only the shell truly knows that what you are doing is typing a command. - Mike
