When limiting a user to a single command via ssh, what default shell should be used for the user? This is a follow up to how can shellshock be exploited over SSH? I have a machine that is running an ssh server and has a dummy user. I have limited this dummy user to running a single command over ssh by specifying a command option in the authorized_keys file. I have been using bash as the default shell of the dummy user, but since the shellshock bug, I have been thinking maybe there is a more secure shell. The dummy user is only allowed to run an rsync command so I would image it would run on most shells. Specifically, the command that the user is allowed to run is:
rsync --server --sender -lHogDtpre.iLs . //home/dummyuser/data/"
I am not the administrator of the server, although I can ask for some easy changes, so setting up something like a chroot jail in the /etc/sshd/sshd_config file is not possible. Ideally, I would be able to limit the command by logging in as the dummy user with an unrestricted key.
Aucun commentaire:
Enregistrer un commentaire