A properly setup environment would address that (files with proper permission, one user per person, no root password handover, correctly written sudoers rules, etc).
Regards, CI.- On Mon, Nov 29, 2021, 05:37 Yang Yang <[email protected]> wrote: > Thank you very much for the information, Mike! > > Thanks, > Yang > > On Nov 26, 2021, at 18:05, Mike Jumper <[email protected]> wrote: > > On Fri, Nov 26, 2021, 01:52 Yang Yang <[email protected]> wrote: > >> Hello, >> >> Is it possible to set a list of commands that will be blocked when any >> user types in for SSH connection? This will be useful to protect the server >> from dangerous command such as “rm -rf /“. >> >> If the feature is not yet available, is it possible with guacamole? If I >> can get some time to have a try, should it be implemented with guacamole >> client or server (guacd)? >> > > No, this is not possible for any SSH client: > > Keep in mind that when you use SSH, you are not sending commands but > keystrokes. There is no way to know that a user's keystrokes are due to the > user running a command, typing documentation about that command, or > messaging their friend who happens to be named "rm -rf /". > > The only way to reliably block anything like this would be on the SSH > server, within the shell interpreting the command. Only the shell truly > knows that what you are doing is typing a command. > > - Mike > > >
