[wellylug] ssh problem

[jumbophut]

On Thu, 03 Feb 2005 11:21:20 +1300, Mark Signal wrote:
> Further info...
> it appears that when the client connects with -N (Do not execute a
> remote command - which is neccesary as client account have no shell) -
> then  ClientAliveInterval does not work.
> 
> Is there a shell that I can allocate users that allows them to do
> nothing other than logon?
> 

As well as the suggestions others have offered, you can use pam_chroot
to chroot users into a basically empty root and reduce the security
risk of running a command.

I haven't done it myself, but this has more info:
<http://www.debian.org/doc/manuals/securing-debian-howto/>

-- 
Tony (echo 'spend!,pocket awide' | sed 'y/acdeikospntw!, /l at omcgtjuba.phi/')