Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Disable remote command execution?
October 2, 2009, 5:21 pm
rate this thread
I am using LDAP for authentication, and would like to control access
to the servers by the presence of a home directory. This works fine
for shell logins (no home directory, no shell). But the problem is
the user can still execute remote commands. Any way to disable remote
commands if the user doesn=92t have a home directory?
Re: Disable remote command execution?
There are some interesting techniques for rsync based access,
involving the use of a 'rsync-validate' script as an enforced command
in the SSH key configurations. But if they can access their home
directories and overwrite their .ssh/authorized_keys, this is no
guarantee. I've not tried to provide 'sftp-only' access, but that
might be a reasonable means to do so.
However, if all you really want is LDAP account access and easy read-
write access to a designated target, why not use WebDAV over HTTPS?
I've used this to manage access both to $HOME/public_html with write
access, and to shared repositories, with LDAP or even Kerberos user
authentication for upstream Active Directory account management.
- » Looking for C++ ssh open source client library for windows
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum