Displaying 20 results from an estimated 1000 matches similar to: "sshd’s ForceCommand and ssh’s "–N Do not execute a remote command""
2007 Oct 19
1
Size and performance efficient rewriting of the `dash.test` built-in
== Proposition A. Do not implement `-a' and `-o'. ==
Why.
1. Most of the `test` usage is 2 or 3 arg. ops.
2. Issues (and possible `||', `&&' substitutions), described in [0]
[0] http://www.opengroup.org/onlinepubs/000095399/utilities/test.html
3. In case of usage of it, `exec /usr/bin/test $args` can be
implemented. Thus, smart users of `-a' and `-o' will
2007 May 16
2
Disabling ForceCommand in a Match block
Hello,
I am trying to force a command for all users *except* for users in the
"wheel" group. My idea was to do the following in sshd_config:
ForceCommand /usr/bin/validate-ssh-command
Match Group wheel
ForceCommand
But obviously this doesn't work, because ForceCommand requires an
argument. I couldn't find a way to achieve what I want.
I wrote a patch that adds a
2008 Jun 20
1
ForceCommand internal-sftp causes sftp logging to fail (openssh-5.0p1)
Hi guys,
I have a server setup with openssh-5.0p1 and use some users as
sftp-only chroot accounts.
The following configuration yields exactly the result I want:
user is chrooted, logs to syslog, all is good.
#================================================#
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
Match User fredwww
ChrootDirectory %h
#ForceCommand internal-sftp
2007 Dec 20
1
ForceCommand - Subsystem
Hi All
First of all apologize for my bad English ? it is not my native language.
I'm using ssh for my everyday work. And I have noticed strange behaviour
in sshd daemon.
In sshd_config file there is option ForceCommand, and if I'm making sftp
connection it look like command is also executed, I receive error
message and connection is lost. In my opinion ForceCommand should not be
2017 Mar 08
2
Logging with ForceCommand and SCP
Hello List,
I'am using the ForceCommand in my sshd configuration to log all the user
actions on my device.
ForceCommand /usr/bin/log-session.sh
The Log Session Script itself is working fine for logging.
But now I want also use SCP to copy files and this won't work together
with the ForceCommand above.
The copied file is created but its zero byte on the target.
scp file.tar.gz
2008 Sep 23
3
[Bug 1527] New: ForceCommand internal-sftp needs a way to enable logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1527
Summary: ForceCommand internal-sftp needs a way to enable
logging
Product: Portable OpenSSH
Version: 5.1p1
Platform: Itanium2
OS/Version: HP-UX
Status: NEW
Severity: minor
Priority: P4
Component: sftp-server
AssignedTo:
2014 Sep 24
5
[Bug 2281] New: sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Bug ID: 2281
Summary: sshd accepts empty arguments in ForceCommand and
VersionAddendum
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2008 Mar 24
1
ForceCommand and NFS-shared home directories
> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote:
> >
> >> As I understand the "ForceCommand" in the sshd_confing file is meant to
> >> ignore any command supplied by the client, but if user's home is shared
> >> by server and client machines over network (ex. NFS) then user can
> >> still put something else into ~/.ssh/rc file and
2011 Feb 20
1
openssh as a proxy: ForceCommand limitations & speed penalty
I've hit two roadblocks while using openssh -D as a general proxy:
- openssh doesn't have an internal-null, so the options are to either
give the user account a real shell and ForceCommand, or set the shell
to something like /bin/cat and ChrootDirectory. I don't want
proxy-only accounts to have a shell at all.
- Comparing mini-httpd SSL/aes256 vs mini-httpd (localhost/no SSL) via
2015 Nov 01
4
[Bug 2486] New: allow ForceCommand none or similar
https://bugzilla.mindrot.org/show_bug.cgi?id=2486
Bug ID: 2486
Summary: allow ForceCommand none or similar
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2008 Mar 21
0
why klibc? (Re: Polling again: switch the list over to subscriber-only?)
On Fri, Mar 21, 2008 at 9:39 PM, Jeff Bailey
<jbailey at raspberryginger.com> wrote:
> The only question that comes to mind is the future of klibc. Is there
> still potential for merging at some point? In ubuntu we never got to
> where we could do without glibc
to do what?
dual and quad cores in laptop with vista or similar (X based) operating
systems are no better, than
2016 Feb 17
2
Using 'ForceCommand' Option
I would like to implement an arbitrary script to be executed when logging
on via SSH. This is supposedly possible using the ForceCommand option to
sshd. However, as soon as I implement any script, even as simple as echoing
a string, clients can no longer connect to the server. Clients report only
that the connection was dropped by the server. The server, in debug mode,
shows:
Feb 17 16:14:01
2008 Mar 20
1
ForceCommand and ~/.ssh/rc
Hi,
As I understand the "ForceCommand" in the sshd_confing file is meant to
ignore any command supplied by the client, but if user's home is shared by
server and client machines over network (ex. NFS) then user can still put
something else into ~/.ssh/rc file and overcome this limitation. Is it
possible to disable execution of the ~/.ssh/rc file in such a case?
Thaks,
Mike
2008 Aug 19
1
[patch] fix to ForceCommand to support additional arguments to internal-sftp
Hi,
This patch makes things like ForceCommand internal-sftp -l INFO work
(current code in 5.1 would just end the session). Please consider for
inclusion into mainline.
Michael.
--- /var/tmp/session.c 2008-08-18 21:07:10.000000000 -0700
+++ session.c 2008-08-18 21:12:51.000000000 -0700
@@ -781,7 +781,7 @@
if (options.adm_forced_command) {
original_command = command;
2008 Mar 26
1
the most simply attempt [ibmdos_1978@MYS.CO.JP: 15 tips on mind blowing foreplay]
| Date: Wed, 26 Mar 2008 12:06:21 +0200
| From: Rain Myers <ibmdos_1978 at MYS.CO.JP>
| To: klibc at zytor.com
| Subject: [klibc] 15 tips on mind blowing foreplay
> Date: Fri, 21 Mar 2008 13:04:20 -0700
> From: "H. Peter Anvin"
> To: klibc list <klibc at zytor.com>
^^^^^^^^^^^^
to agree to include this in address field ('to' or 'cc'),
otherwise
2020 Jun 23
4
SSH certificate and serverside ForceCommand
Hi,
We're developing an open source project that uses SSH certificates. We
issue short lived certificates (few minutes) to execute commands on behalf
of users. We have a use case where we need to issue certificates with 10
days validity and store them, so we put a command inside them:
ssh-keygen -s ca-key -I certN -n user -O force-command="wget something" -V
+10d user-key.pub
and
2016 Feb 17
5
Using 'ForceCommand' Option
Gert,
Thank you for the feedback. Can you give any further direction on where to
get more information on what you are describing?
On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote:
> > I would like to implement an arbitrary script to be executed when logging
> > on via
2007 Sep 07
1
Development forever
Hallo, Peter. Cheers, developers!
I'd like to join this effort, in case i'll useful with my crazy stuff.
First of all, please consider subscribing this ML to Gmane interface.
It would be great! Especially, if you will provide full-text archives
for importing. (All that web archives suck, you know. Small and big
archives are most easily handled with news server/reader.)
Secondly. Did you
2009 Oct 23
3
internal-sftp only without ssh and scp hanging
I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh
chroot functionality).
i.e.
Subsystem sftp internal-sftp
Match group sftpusers
ChrootDirectory /chroot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
So far everything works correctly with sftp but when a user ssh's or
scp's to the box the login
2014 Dec 03
1
Aw: Re: encrypted rsyncd - why was it never implemented?
On 12/03/2014 01:37:58 PM, Kevin Korb wrote:
> As far as a backup provider goes I wouldn't expect them to use rsync
> over SSL unless that were built into rsync in the future (and has
> been
> around long enough that most users would have it).
>
> I would expect them to either use rsync over ssh secured by rrsync or
> rsyncd over ssh with them managing the rsyncd.conf