[lug] ftp only login

Michael J. Pedersen marvin at keepthetouch.org
Mon Feb 19 09:40:16 MST 2001


On Fri, Feb 16, 2001 at 10:26:08AM -0700, Samartha wrote:
> I've tested only ssh since the telnet, rlogin, etc. are off.
> 
> ssh allows log in with that account but cranks up the nologin program and 
> exits with the message.
> 
> Maybe signals are an issue - but one has to be really quick to get the 
> brief moment (the program is 2 k stripped) and create a signal and crash 
> the program - I don't think that's an issue.
> 
> With the sendmail receiving email - I am not sure, but with postfix, 
> aliasing the login name to a nonexisting name bounces the email back, 
> whereas pointing .forward to a nonexisting user puts it into the account's 
> email box.

Here's a very simple fix for that: add the following to your authorized_keys
file: command="/path/to/nologin". You add this to a given public key before
the actual key, but after the beginning (which usually, for me anyway,
consists of an environment option). Using this, ssh will only run that
command, period. As a result, even if they abort the command (for instance,
with a ^C), ssh will exit. Client gets no choice about it; it's a server-side
fix.

-- 
Michael J. Pedersen
My GnuPG KeyID: 4E724A60        My Public Key Available At: wwwkeys.pgp.net
My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
GnuPG available at http://www.gnupg.org
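
An added example, not part of the original message: a small audit of an authorized_keys file that reports which keys carry the command="..." option described above. It assumes OpenSSH's option syntax; per sshd(8) a forced command does not by itself stop TCP forwarding, so the check also looks for no-port-forwarding or restrict. The function names and sample lines are constructed for illustration.

```python
import re

KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-ssh-|sk-ecdsa-)")  # line starts at the key
# name, optional ="quoted value" (\" is an escaped quote), then "," or whitespace
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(,|\s+|$)')

def parse_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    line, pos, opts = line.strip(), 0, {}
    if KEY_TYPE.match(line):
        return opts                      # no options: unrestricted key
    while True:
        m = OPTION.match(line, pos)
        if m is None:
            raise ValueError("malformed options field")
        name, value, sep = m.groups()
        opts[name.lower()] = True if value is None else value.replace('\\"', '"')
        pos = m.end()
        if sep != ",":
            return opts                  # whitespace ends the options field

def audit(text):
    """Return (line number, forced command or None, issues) per key line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts = parse_options(raw)
        # Conservative: any explicit port-forwarding option counts as re-enabling it.
        blocked = "no-port-forwarding" in opts or (
            "restrict" in opts and "port-forwarding" not in opts)
        issues = [msg for bad, msg in (
            ("command" not in opts, "no forced command"),
            (not blocked, "port forwarding not disabled")) if bad]
        findings.append((no, opts.get("command"), issues))
    return findings

# Constructed sample: paths and key blobs are placeholders, not real keys.
SAMPLE = '''\
# ftp-only account
environment="ROLE=ftp",command="/path/to/nologin" ssh-rsa AAAAPLACEHOLDER user@a
restrict,command="/path/to/nologin" ssh-ed25519 AAAAPLACEHOLDER user@b
ssh-rsa AAAAPLACEHOLDER user@c
command="echo \\"no, sorry\\"",no-port-forwarding ssh-rsa AAAAPLACEHOLDER user@d
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```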


