Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Simon Tatham
May 1, 2012, 6:20 pm
rate this thread
Be aware, of course, that this breaks other features of SSH: with a
setup like this in place, users will only be able to log in and run
the single thing you want them to run (probably an interactive shell).
They won't be able to automate tasks by means of 'ssh hostname
some-specific-command', and they won't be able to run the SFTP
Simon Tatham "The distinction between the enlightened and the
Re: Forcing public key and password in OpenSSH - a solution
You are correct of course. Thank you for pointing this out.=20
However users can still use port forwarding, So if you set the command that=
the users run to, say, "sleep 36000", you can also deny users shell access=
(and limit them to 10 hour sessions), and make this setup quite ideal for =
a gateway machine protecting the inner network with 2-factor authentication=
- » error: rexec of /usr/sbin/extsshd failed: Permission denied
- — Next thread in » Secure Shell Forum
- » How to sniff ssh traffic at Layer3/Layer4, GIVEN you have the private key?
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum