[lug] ssh shell commands

Brad Crotchett brad at bradandkim.net
Wed Jun 6 19:14:35 MDT 2007

On Wed, 2007-06-06 at 17:34 -0700, karl horlen wrote:
> i currently have ssh account access with my isp.  i
> can ssh in and run who and other commands that let me
> determine all the other user id accounts and the real
> names behind those accounts on the box.  that seems a
> little weak to me.
> isn't there a way to limit these commands while still
> giving a user ssh shell access?  if so how?
> thanks

Yeah, that sounds a little odd for an ISP.  If you issue 'cd /' and then
'ls -al' does it look like the entire filesystem or just a chrooted
environment?  I think an SSH chroot or jail would be the preferred
route.  You could add only the binaries you want to the /bin /usr/bin
dirs and limit what commands they have access to.  Something like this:


Brad Crotchett
brad at bradandkim.net

More information about the LUG mailing list