[X2Go-Commits] page changed: wiki:security:rbash
wiki-admin at x2go.org
wiki-admin at x2go.org
Fri Oct 31 21:59:45 CET 2014
A page in your DokuWiki was added or changed. Here are the details:
Date : 2014/10/31 20:59
Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36
IP-Address : 79.228.221.115
Hostname : p4FE4DD73.dip0.t-ipconnect.de
Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788512
New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash
Edit Summary: [secure ssh access]
User : woglinde
@@ -26,14 +26,25 @@
====== secure ssh access ======
- To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the usrs can run any other shell or commands over
+ To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the users can run any other shells or commands over
ssh.
Therefore edit /etc/ssh/sshd_config and put the the following lines at the end.
<note>
Match group
rbrowser
ForceCommand sshcommand
</note>
- ForceCommand only works for a sshd matching section.
- So you can dedicate the rbash to a certain group.
+ ForceCommand only works for a sshd matching section. So you can dedicate the rbash to a certain group.
+
+ **sshcommand** is a small shell script to wrap the rbash usage,
+
+ <code bash>
+ #!/bin/sh
+ PATH=/opt/rbash/bin
+ if test -n "$SSH_ORIGINAL_COMMAND"; then
+ /bin/rbash -c "$SSH_ORIGINAL_COMMAND"
+ else
+ /bin/rbash
+ fi
+ </code>
--
This mail was generated by DokuWiki at
http://wiki.x2go.org/
More information about the x2go-commits
mailing list