[lug] ssh shell commands
Brad Crotchett
brad at bradandkim.net
Wed Jun 6 19:14:35 MDT 2007
On Wed, 2007-06-06 at 17:34 -0700, karl horlen wrote:
> i currently have ssh account access with my isp. i
> can ssh in and run who and other commands that let me
> determine all the other user id accounts and the real
> names behind those accounts on the box. that seems a
> little weak to me.
>
> isn't there a way to limit these commands while still
> giving a user ssh shell access? if so how?
>
> thanks
>
Yeah, that sounds a little odd for an ISP. If you issue 'cd /' and then
'ls -al' does it look like the entire filesystem or just a chrooted
environment? I think an SSH chroot or jail would be the preferred
route. You could add only the binaries you want to the /bin /usr/bin
dirs and limit what commands they have access to. Something like this:
http://www.howtoforge.com/chrooted_ssh_howto_debian
Brad Crotchett
brad at bradandkim.net
http://www.bradandkim.net
More information about the LUG
mailing list