Hi all,

I'm trying to do a setup (CentOS 4.4) with ssh keys. Ideal is that remotely you can enter a limited set of commands with no password "or" you can ssh in with a password and get a normal bash prompt.

At the moment I have

    from="::ffff:x.x.x.x",command="/usr/local/bin/allowedcommands.sh" ssh-rsa <restofkey>

in authorized_keys2 (in allowedcommands.sh I do checks for which commands are allowed and will add anything dodgy to check for).

This all works with the keys I have. I can do an ssh <server> ls for example (ls being allowed), which works; otherwise it returns nothing if a command that is not allowed is given.

Main problem I have is if you enter no command (simply ssh <server>) it also kicks you out. I'd like it to ask for a password if no command is given, and then if correct pass you on to a normal shell.

Is such a thing possible, or are there other avenues to get to the same point?

Thanks in advance,
Ian
Jim Wildman
2008-Jan-30 12:47 UTC
[CentOS] Command limiting with SSH keys and password auth ...
On Tue, 29 Jan 2008, Ian wrote:

> Main problem I have is if you enter no command (simply ssh <server>) it also
> kicks you out, I'd like it to ask for a password if no command is given, and
> then if correct pass you onto a normal shell.

I've always used 2 sets of keys, one for the restriction, one without. Then on the invoking end alias/script/config shortcuts to ssh -i the right one.

------------------------------------------------------------------------
Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
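Added example, not part of either post: a sketch of a forced-command wrapper playing the role of /usr/local/bin/allowedcommands.sh for the restricted key in the two-key setup described above, with the second key or a password login providing the normal shell. The allowlist contents, function names and syslog tag are assumptions; the wrapper reads the request from SSH_ORIGINAL_COMMAND, which sshd sets when a command= key is used.

```shell
#!/bin/bash
# Added example, not from the thread: forced-command wrapper for the command="..." key.
# Hypothetical allowlist ('ls' is the only command the thread names).
ALLOWED_COMMANDS="ls uptime df"

# Classify the client's requested command line.
# Prints one of: allow | deny-empty | deny-chars | deny-unlisted
classify_command() {
    local LC_ALL=C requested="$1" first cmd
    # Plain "ssh <server>" arrives with no command: this key never gets a shell.
    if [ -z "$requested" ]; then echo "deny-empty"; return; fi
    # Fail closed on anything outside letters, digits, blanks and . _ / -
    # so ; | & $ ` < > quotes, globs and newlines are never interpreted.
    case "$requested" in
        *[![:alnum:][:blank:]._/-]*) echo "deny-chars"; return ;;
    esac
    first="${requested%% *}"          # program name = text before the first space
    for cmd in $ALLOWED_COMMANDS; do
        if [ "$first" = "$cmd" ]; then echo "allow"; return; fi
    done
    echo "deny-unlisted"
}

forced_command_main() {
    local verdict
    verdict=$(classify_command "${SSH_ORIGINAL_COMMAND:-}")
    if [ "$verdict" != "allow" ]; then
        # Record refusals so probing of the restricted key shows up in syslog.
        logger -t allowedcommands "$verdict from ${SSH_CLIENT%% *}" 2>/dev/null
        echo "Command not permitted for this key ($verdict)." >&2
        exit 1
    fi
    set -f                            # no glob expansion during word splitting
    exec $SSH_ORIGINAL_COMMAND        # unquoted on purpose: split into argv, no shell re-parse
}

# Act as the forced command only when installed under the script name used in the thread.
case "$0" in
    */allowedcommands.sh) forced_command_main ;;
esac
```

The allowlist matches only the program name, so arguments such as paths are still the caller's choice; restrict them further if the permitted commands can read or write anything sensitive.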