rz1a at nwgsm.ru wrote:> Not sure if this is a proper list to ask and it's not strictly
> OpenSSH related.
>
> I put the "no-pty" option on a key and try to login with it. As
it
> should be - the shell access is denyed.
>
> However, I get an unrestricted access if I execute a command like
> this:
> $ ssh user at server /bin/sh
>
> I get the shell that just has no prompt but works as usual.
What you have there is a regular interactive shell without a controlling
terminal.
Things requiring a controlling terminal won't work but pretty much
everything else will.
> All this badness happens to me on QNX4 and SSH.com's ssh-1.2.33.
>
> Now the question:
> How does it happen on other UNIXes?
Typically the same thing happens.
> What would you suggest - is it a port's fault or a OS's
"specifics"?
If you need to prevent users running certain commands (like /bin/sh)
you'll need a restricted shell or similar.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.