bugzilla-daemon at mindrot.org
2004-Sep-27 03:07 UTC
[Bug 935] Restrict commands in sshd_config
http://bugzilla.mindrot.org/show_bug.cgi?id=935 Summary: Restrict commands in sshd_config Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: cjensen at gmail.com It would be nice if the sshd_config could specify a restricted set of commands that could be executed, or even force a command like the "command=" option in authorized_keys The use of authorized_keys is not appropriate in our case because 1) We wish to enforce this for multiple users and creating and deploying a private/public key pair for each remote user is time consuming and cumbersome. It's also a step that can be potentially forgotten each time a new user is added. 2) For technical reasons, the user must type their password to login so that a pam module may capture it. I've asked on the security focus ssh list about this, but all the responses pointed me to authorized_keys, so I'm guessing that means that it isn't implemented. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- Problems in slogin.1, sshd_config.5, ssh_config.5
- [Bug 387] New: command="" in authorized_keys fails when sshd_config has "PermitRootLogon forced-commands-only"
- [Bug 2160] New: Option to disable ~/.ssh/rc in sshd_config
- [Bug 2317] New: sshd_config man page not clear on PermitUserEnvironment
- [Bug 3667] New: Trailing space is added when parsing Subsystem in sshd_config