Hi Dick,
Am 29.03.2011 15:35, schrieb Dick Kniep: [snip]
The problem is caused by the fact that the x2go server does not restrict the commands that can be entered thru ssh. This is bad, but what is worse, is that the X2go clients actually use this security hole to start any command it needs. [snip]
Thank you for sharing your concerns about the usage of x2go with us. As some people pointed out before the execution of commands via ssh is definitely a feature. Without this capability, x2go wouldn’t work at all. There is nothing "creepy" about executing commands on the server. I totally understand that you want to restrict the user from running vicious commands, but there are really a lot of "philosophies" how to do that.
An "integrated" solution could be to offer the system a login shell with a reduced command set.
Maybe a better solution could be to implement a connection to an already existing project doing that job better than a new attempt (this would be more the OS way).
As always: this is an Open Source project. This means: feel free to use it and - if you want to help - please do so. If you want to submit concerns or bugs it would be very helpful if you would name than in the subject like:
Wanted: Solution to prohibit remote execution of commands
Regards,
Heinz