[lug] replacing login shell
Hugh Brown
hugh at vecna.com
Wed Jun 26 14:41:31 MDT 2002
On Wed, 2002-06-26 at 16:24, D. Stimits wrote:
> One thing many people don't seem to realize (not talking about BLUG, but
> unrelated experiences) is that a shell can be almost any program that
> accepts stdin. If you look in /etc/, files "shells" and "passwd", you
> can add different programs to become a login. A very long time ago, I
> once added a MUD as the login shell to a few users I wanted to chat with
> (and you could do this with an IRC client as well). If you were to get
> the source to the ssh client, and hard wire it to a specific IP address,
> and possibly disable a few things, you'd be much more secure than with a
> script that can be suspended (let's say you have the script secure, then
> you would still have the ssh problems, so having only ssh is not a
> penalty compared to script controlled ssh). One thing that makes me
> suggest hard waring is that you need to pass arguments to ssh client...I
> would hard code it as needed, make it not accept arguments, and call it
> something like "ssh-shell", then add it to /etc/shells, and alter given
> login names to have this as the default shell (and if this is the case,
> they will find it difficult to chsh to a non-ssh shell).
>
> D. Stimits, stimits at idcomm.com
I realize this is a general comment, but I am wondering what ssh
problems there could be, in this specific case. I suspend, but I don't
get anything but another telnet prompt, I can't run chsh. I want to
know if there is some way of bypassing my set up, but I can't find one
(I'm probably just ignorant).
Hugh
More information about the LUG
mailing list