[wellylug] ssh problem

Ewen McNeill wellylug at ewen.mcneill.gen.nz
Thu Feb 3 15:47:11 NZDT 2005


In message <42015260.5010700 at remote-assist.co.nz>, Mark Signal writes:
>>[ssh in for port forwarding only]
>Is there a shell that I can allocate users that allows them to do 
>nothing other than logon?

What I've done at a couple of sites for this is write a (tiny) C program
that basically prints out a message (to the effect that it's not an
interactive shell) and then waits for input -- as soon as it gets input,
it exits.  (It is basically a "hello world" C program with one extra
read() that makes it wait for some input.)  This can then be safely used
as a replacement "shell" which doesn't allow the user to do anything.

The advantage of this over something like /bin/true as a shell is
that it runs for the duration of the session.  /bin/true will exit
(immediately :-) ) which will generally mean that the ssh connection
closes, unless you use magic arguments to keep the ssh connection open
for the port forwarding only (and those options appear to be the ones
that are disabling the features you want enabled).

Ewen




More information about the wellylug mailing list