How to restrict ssh by forced commands but sftp login should be enabled? | Unix Linux Forums | Shell Programming and Scripting

#1 01-28-2013 Anil George

Hi,

I am trying to restrict an ssh-user from executing unwanted commands using ssh from a remote host a. So for that I am using the forced command in the authorized_keys file that will allow the ssh-user to only execute a particular command.

If I do not set this, I am able to log in via ssh and sftp.

How can I differentiate whether the remote connection is issued via ssh or sftp in a shell script?

The commands that I am expecting are as follows, and both of these should work:

Code:
ssh ssh-user@hostname test_scripts.sh
sftp ssh-user@hostname

I used the variable $TERM to differentiate between ssh and sftp. If it is sftp then the $TERM will return 'dumb'. But when we are passing a command through ssh then the $TERM is returning dumb.
Any idea how to differentiate?

#2 01-28-2013 posix
Are you looking for a chroot jail for ssh / scp / sftp? Please do a search on Google about this concept.
#3 01-29-2013 Anil George
My requirement is similar to the 'chroot jail', but not exactly the same.
I have to restrict the ssh-user to execute only one script (wrap_script.sh) and he should not be allowed to log in via ssh to a remote server.

eg:-
Code:
ssh ssh-user@hostname wrap_scripts.sh

Once this script is executed, the control has to come back to the client system. The client system should be allowed to connect to the remote server using sftp and he should get the sftp prompt.

eg:-
Code:
sftp ssh-user@hostname
sftp>

The ssh-user should be only restricted if the connection has come through ssh from a particular client system. Else it should be a normal user.

That is the reason I thought of going for the forced commands in the authorization_keys file in the remote system. So when the connection is coming from that particular client, I should be able to restrict access to that. The ssh-user is a generic user that will be used by other client systems to connect to the remote server. But I need to restrict a particular host as mentioned above.
Thanks in advance. Could anyone please advise?
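
The thread was closed without an answer. As an added example (not part of any post above), one way to tell the two request types apart inside a forced command is to inspect `SSH_ORIGINAL_COMMAND` rather than `$TERM`. The wrapper name, its `run` argument, the paths, the host name and the key in it are assumptions.

```shell
#!/bin/sh
# ssh_gate.sh: forced-command wrapper (hypothetical name and paths).
# authorized_keys entry for the restricted client only (host and key are placeholders):
#   from="client.example.com",command="/usr/local/bin/ssh_gate.sh run",no-pty,no-port-forwarding ssh-rsa AAAA...placeholder
# Keys listed without command= keep normal access.

# Assumption: an external sftp-server binary; its path differs between distributions.
SFTP_SERVER=${SFTP_SERVER:-/usr/lib/openssh/sftp-server}
# Assumption: directory holding the one permitted script (script name taken from the thread).
SCRIPT_DIR=${SCRIPT_DIR:-/usr/local/bin}
ALLOWED_SCRIPT=wrap_script.sh

# Map the client's request (SSH_ORIGINAL_COMMAND) to: sftp, script or deny.
classify_request() {
    case "$1" in
        # For "sftp user@host", sshd passes the sftp Subsystem command from sshd_config.
        "$SFTP_SERVER" | "$SFTP_SERVER "* | internal-sftp) echo sftp ;;
        # Exact match only: no extra arguments, no shell metacharacters.
        "$ALLOWED_SCRIPT") echo script ;;
        # Empty (interactive login) or anything else.
        *) echo deny ;;
    esac
}

# Run a fixed program chosen by the classification.
# The client-supplied string itself is never executed or eval'ed.
gate() {
    case "$(classify_request "$1")" in
        sftp)   exec "$SFTP_SERVER" ;;
        script) exec "$SCRIPT_DIR/$ALLOWED_SCRIPT" ;;
        *)      echo "ssh_gate: request not permitted" >&2; return 1 ;;
    esac
}

# Dispatch only when invoked as "ssh_gate.sh run", as in the authorized_keys entry above.
if [ "${1:-}" = run ]; then
    gate "${SSH_ORIGINAL_COMMAND:-}"
fi
```

Because the wrapper is a shell script, it has to start an external `sftp-server` binary even when `sshd_config` uses `internal-sftp`, which only runs inside sshd itself.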
