AIX

@Don Cragun: Unfortunately I cannot use rlogin because our security department said that rlogin contains security vulnerabilities which can be exploited so we had to disable the service from our servers. Anyway reading your last post I still think that this will not prevent users from doing what they tried to do before. Even if I remove putty from their PCs and give them a different tool to connect on server, nothing stops them from download putty and use it. and if they do that it doesn't matter what kind of shell they are using. Even if I set their initial shell to /bin/myscript as long as they have putty they can still execute remote ssh command and run bash with --noprofile option.

@XrAy: Thank you for your reply. well I'm actually testing all the suggestions that people posted here. this is what I said that I will do and this is what I'm doing right now. I didn't focus in just one thing. I'm trying to see what is the best solution to implement or even a combination of things. this is what I found until now:I test it for one user but it doesn't seem to work. The user can still execute the remote command he wants through putty and can connect through sftp and use scp also.

No. The user's shell - in your example ksh - is still used to run the command passed. Change a user's shell to "/bin/false" and see if you can still run arbitrary commands with that user via ssh.

Well if you set /bin/false as the initial shell for a user of course he will not login. The point is that the user can connect to the server through this shell but not get to command line. And before you mention anything about restricted shells I also tried it with rksh and the user can still bypass his .profile and get command line.

You're too fixated on preventing a user from "bypassing his .profile".

You can't stop that. And you can't control what's in a user's .profile in the first place.

And even if a user gets to a command line, he can't perform any operations he couldn't perform without command line access.

Operations on objects such as files or directories are done by system calls to the kernel. Whether they're allowed or not depends on the operation and the permissions given to that object for the user making the system call. WHERE that system call comes from is irrelevant. The kernel doesn't care if it comes from the bash or the boogersnot executable.

You can't really give someone a little bit of a login, although you can use a restricted shell to restrict things somewhat.

Well I think you are missing the point of the whole thread. These users existed on the system for a really long time and nobody has access to command line. NOBODY. They just login to the server and go straight to the application. They exit the application and their sessions is closed.

Recently we noticed that if a user uses putty to connect to the server he can run a remote command to the server and call bash shell (which is not their default shell) with --noprofile option. and in all these pages of the thread a lot of ideas came to the surface. In my previous posts I stressed the fact that I am trying to test what the people suggested in order to find out what suits my situation better, so creating a custom based version of bash obviously solves the specific problem but as you said and as XrAy said you need to be alerted every time you make upgrade of bash shell in order to remove this option from it and I also said that if you enter some lines in sshd_config file in order to force the execution of a specific command for a user or a group of users it works!

It doesn't work only for ssh login, it works also when the user tries to sftp or scp. So I guess that there is a way after all to prevent a user do what he wants to do. After all this should be the way. If you are the administrator then you should force your way to the users because if you allow them do whatever they want they would eventually do some stupid things that will create a mess for you to handle.

Moderator's Comments:

Please consider people reading this thread. For clarity, please use:- capital letters to start sentences capital letter for first person singular, i.e. I Lower case for everything else, emphasising with underline (capitals are seen as shouting) good paragraphs to break up the post to logical sections, avoiding "... and another thing..." full words, not the way you speak, e.g. because instead of cause highlighting for commands/options or member names It would make it much clearer to read than a single long unformatted paragraph. If you make your needs and attempts clear then you are more likely to get better responses and this thread will be more useful to others in the future.