openssh bugs - Jan 2013 - [Bug 2062] New: Add support for a ForceShell sshd option

https://bugzilla.mindrot.org/show_bug.cgi?id=2062

            Bug ID: 2062
           Summary: Add support for a ForceShell sshd option
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: imorgan at nas.nasa.gov

Created attachment 2207
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2207&action=edit
Add a ForceShell option to override the user's shell

This patch adds a ForceShell option to sshd to override the user's
shell. This can be used in a Match block to conditionally replace the
user's shell with a restricted shell such as rksh, scponly or authpf.

For example,

    Match Address !192.168.10.0/24
        ForceShell    /usr/sbin/authpf

This provides more flexibility than merely changing the user's shell in
the passwd file. It also makes it possible to override the shell when
LDAP or NIS is used for user information.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2062

Iain Morgan <imorgan at nas.nasa.gov> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2207|0                           |1
        is obsolete|                            |

--- Comment #1 from Iain Morgan <imorgan at nas.nasa.gov> ---
Created attachment 2535
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2535&action=edit
Updated patch

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2062

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
AFAIK it's possible to do this via ForceCommand already, as it receives
the original command-line from the client as $SSH_ORIGINAL_COMMAND

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.