I appreciate all the answers, but none of them addresses the issue of not being
able to access the filesystem.
I understand that complexity increases, but would it be less secure to add
some builtin commands / functions in some way? If I am logged in and allowed to
spawn bash, why couldn't I also be allowed to run (some given) commands
that are preloaded or hardcoded in the daemon?
The reboot example is probably the most important one. Would it really be
so dangerous to program a builtin reboot command into ssh, in order to
reboot a system that has lost file access? I think a good discussion on the
topic here could prove valuable.
You could of course drag this too far and build busybox into ssh, but some
of the SysRqs could probably be made accessible to sshd. Just having a
builtin "echo" and I could do something like "echo b >
/proc/sysrq-trigger".
Maybe add sysrqd functionality?
I am not saying this is necessary or that it doesn't raise concerns; I am
saying this could be really helpful if it could be implemented well.
Kind regards,
bahner
On Fri, 24 Jul 2015 at 00:09, Eric Wedaa <Eric.Wedaa at marist.edu> wrote:
> And of course there's always the old standby in /etc/passwd (obviously
> change the account name)
>
> secretshutdown:x:0:0:root:/root:/sbin/shutdown
>
> And it presupposes that root logins are allowed (which is asking for
> trouble).
>
> >>>Ericw
>
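An added example, not part of this thread and not OpenSSH code: the "echo b > /proc/sysrq-trigger" trick above works with nothing but bash in memory (echo and the redirection are shell builtins, so no binary has to be read from the dead filesystem), but the kernel still consults the kernel.sysrq bitmask before honouring the key. The POSIX sh below decodes that mask so you can confirm in advance that an emergency reboot would actually be accepted. The bit values follow the kernel's sysrq documentation (0 = all off, 1 = all on, otherwise a bitmask with 16 = sync and 128 = reboot/poweroff); the fallback value 176 is a constructed sample used only when the script is run off a Linux host.

```shell
#!/bin/sh
# Added example (not from the original thread): decide whether
# "echo b > /proc/sysrq-trigger" would be honoured, based on the
# /proc/sys/kernel/sysrq bitmask. Per the kernel sysrq documentation:
#   0 = nothing allowed, 1 = everything allowed, otherwise a bitmask where
#   16 enables sync ('s') and 128 enables reboot/poweroff ('b', 'o').

# sysrq_allows MASK BIT -> exit 0 when key group BIT is enabled under MASK
sysrq_allows() {
    mask=$1
    bit=$2
    case "$mask" in
        0) return 1 ;;   # sysrq completely disabled
        1) return 0 ;;   # every key allowed
    esac
    [ $(( mask & bit )) -ne 0 ]
}

sysrq_allows_reboot() { sysrq_allows "$1" 128; }
sysrq_allows_sync()   { sysrq_allows "$1" 16; }

# Read the live mask on a Linux host; otherwise fall back to the constructed
# sample value 176 (= 128 + 32 + 16) so the script still runs offline.
current_sysrq_mask() {
    if [ -r /proc/sys/kernel/sysrq ]; then
        cat /proc/sys/kernel/sysrq
    else
        echo 176
    fi
}

mask=$(current_sysrq_mask)
if sysrq_allows_reboot "$mask"; then
    echo "kernel.sysrq=$mask: 'b' permitted, /proc/sysrq-trigger reboot is possible"
else
    echo "kernel.sysrq=$mask: 'b' blocked; set kernel.sysrq to 1 or include bit 128"
fi
if sysrq_allows_sync "$mask"; then
    echo "kernel.sysrq=$mask: 's' permitted, try 'echo s' before 'echo b'"
fi
```

Note the trade-off the check makes visible: leaving bit 128 enabled is exactly what lets any root shell, including one obtained through sshd, force an immediate unsynced reboot, which is the concern the thread is weighing against the recovery benefit.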