[lug] ssh shell commands

karl horlen horlenkarl at yahoo.com
Wed Jun 6 19:19:00 MDT 2007


--- Dan Ferris <dan at usrsbin.com> wrote:

> You can limit commands with SSH keys.  If you are using password / PAM
> auth, there is the pam_chroot module.  You can stick users into their
> own little chroot worlds and have whatever commands you want.

1) i'm not sure but i think you are saying that there
are two different techniques to approach this right?

a) ssh keys
OR
b) pam

never heard of ssh keys being used for anything other
than as in terms of the actual authorization signature
keys

2) when using the pam chroot technique do you know the
granularity of the commands you can specify?

for instance, i obviously want users to be able to use
'ls'.  however, would it be possible to specify that
they can only use it on their own home directories and
below versus any other directory in the file system
(including other people's home directories)?

i know i can think of a clever permissions scheme to
put on the directories themselves but if i can nip it
in the bud in the chroot, that'd be a lot easier to
manage.

> 
> Dan
> 
> karl horlen wrote:
> > i currently have ssh account access with my isp.  i
> > can ssh in and run who and other commands that let me
> > determine all the other user id accounts and the real
> > names behind those accounts on the box.  that seems a
> > little weak to me.
> > 
> > isn't there a way to limit these commands while still
> > giving a user ssh shell access?  if so how?
> > 
> > thanks
> > 
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> > 
> > 
> 
> -- 
> No one expects the Spanish Inquisition.
> 
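
Added example, not part of the thread: OpenSSH's `command=` option in `authorized_keys` is one way to limit commands per key, because sshd runs the named program instead of whatever the client requested. The wrapper below permits only `ls` on directories that resolve inside the user's home; the install path `/usr/local/bin/ssh-restrict`, the function names and the ls-only allow-list are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper (added example). Assumed authorized_keys entry:
#   command="/usr/local/bin/ssh-restrict",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> user
# The install path and the ls-only allow-list are assumptions.
unset CDPATH

# path_within_home HOME DIR: succeed only if DIR resolves inside HOME.
# The resolved directory is left in $target.
path_within_home() {
    home=$(cd -- "$1" 2>/dev/null && pwd -P) || return 1
    # Resolve symlinks and ".." before comparing, relative to HOME.
    target=$(cd -- "$home" && cd -- "$2" 2>/dev/null && pwd -P) || return 1
    case "$target/" in
        "$home"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_command HOME "CLIENT COMMAND": print the vetted directory and
# return 0 for "ls [dir]" inside HOME; return 1 for anything else.
check_command() {
    home=$1
    set -f              # no glob expansion of client-supplied words
    set -- $2           # whitespace split only; the string is never eval'd
    set +f
    [ "${1:-}" = "ls" ] || return 1
    shift
    [ "$#" -le 1 ] || return 1          # one directory at most
    dir=${1:-.}
    case "$dir" in -*) return 1 ;; esac # no options from the client
    path_within_home "$home" "$dir" || return 1
    printf '%s\n' "$target"
}

# Entry point; sshd puts the client's request in SSH_ORIGINAL_COMMAND.
main() {
    if dir=$(check_command "$HOME" "${SSH_ORIGINAL_COMMAND:-}"); then
        exec ls -l -- "$dir"
    fi
    echo "command not permitted" >&2
    exit 1
}

# Run only when invoked under the install name, so the file can be sourced.
case "${0##*/}" in ssh-restrict) main ;; esac
```

A forced command replaces the login shell for that key, so a login with it gets the wrapper's answer rather than an interactive session.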



 