[X2Go-Commits] page changed: wiki:security:rbash

wiki-admin at x2go.org wiki-admin at x2go.org
Fri Oct 31 21:59:45 CET 2014


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2014/10/31 20:59
Browser     : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36
IP-Address  : 79.228.221.115
Hostname    : p4FE4DD73.dip0.t-ipconnect.de
Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788512
New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash
Edit Summary: [secure ssh access] 
User        : woglinde

@@ -26,14 +26,25 @@
  
  
  
  ====== secure ssh access ======
- To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the usrs can run any other shell or commands over
+ To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the users can run any other shells or commands over
  ssh.
  
  Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. 
  <note>
      Match group
rbrowser
          ForceCommand sshcommand
  </note>
- ForceCommand only works for a sshd matching section.
- So you can dedicate the rbash to a certain group.
+ ForceCommand only works for a sshd matching section. So you can dedicate the rbash to a certain group.
+ 
+ **sshcommand** is a small shell script to wrap the rbash usage,
+ 
+ <code bash>
+ #!/bin/sh
+ PATH=/opt/rbash/bin
+ if test -n "$SSH_ORIGINAL_COMMAND"; then
+     /bin/rbash -c "$SSH_ORIGINAL_COMMAND"
+ else
+     /bin/rbash
+ fi
+ </code>



-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/



More information about the x2go-commits mailing list