.:: Bots United ::. - View Single Post

Terran · **Re: Bots United start a Sourceforge project? -** 31-03-2004

If you set the users shell to /bin/false you will not be able to use portforwarding as the connection is terminated immediately after login.

I still don't get how you want to make sure that the ssh service can only be used for this special purpose. It's simply not designed for this kind of application. You will always need some tools which will do the trick.

What might be possible is giving the user a special restricted shell (e.g. rbash) which only allows the execution of some definable programs (in this case the cvs tools). But I havn't tested this for the use with cvs, maybe it's restrictions are to restrictive as e.g. cd is not allowed.

One thing I've learned in the last 11 years as system administrator:
The only secure system is one without any connections - including the power line.

	(#22)
Terran Member Status: Offline Posts: 431 Join Date: Jan 2004	Re: Bots United start a Sourceforge project? - 31-03-2004 If you set the users shell to /bin/false you will not be able to use portforwarding as the connection is terminated immediately after login. I still don't get how you want to make sure that the ssh service can only be used for this special purpose. It's simply not designed for this kind of application. You will always need some tools which will do the trick. What might be possible is giving the user a special restricted shell (e.g. rbash) which only allows the execution of some definable programs (in this case the cvs tools). But I havn't tested this for the use with cvs, maybe it's restrictions are to restrictive as e.g. cd is not allowed. One thing I've learned in the last 11 years as system administrator: The only secure system is one without any connections - including the power line.