openssh unix dev - Mar 2005 - no-pty option.

Hello list!

 Not sure if this is a proper list to ask and it's not strictly
 OpenSSH related.

 I put the "no-pty" option on a key and try to login with it. As it
 should be - the shell access is denyed.

 However, I get an unrestricted access if I execute a command like
 this:
 $ ssh user at server /bin/sh

 I get the shell that just has no prompt but works as usual.
 
 All this badness happens to me on QNX4 and SSH.com's ssh-1.2.33.

 Now the question:
 How does it happen on other UNIXes?

 What would you suggest - is it a port's fault or a OS's
"specifics"?

Anthony.

rz1a at nwgsm.ru wrote:
>  Not sure if this is a proper list to ask and it's not strictly
>  OpenSSH related.
> 
>  I put the "no-pty" option on a key and try to login with it. As
it
>  should be - the shell access is denyed.
> 
>  However, I get an unrestricted access if I execute a command like
>  this:
>  $ ssh user at server /bin/sh
> 
>  I get the shell that just has no prompt but works as usual.
What you have there is a regular interactive shell without a controlling 
terminal.

Things requiring a controlling terminal won't work but pretty much 
everything else will.
>  All this badness happens to me on QNX4 and SSH.com's ssh-1.2.33.
> 
>  Now the question:
>  How does it happen on other UNIXes?
Typically the same thing happens.
>  What would you suggest - is it a port's fault or a OS's
"specifics"?
If you need to prevent users running certain commands (like /bin/sh) 
you'll need a restricted shell or similar.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.