* Justin Wells said: > > Nope. ssh invokes the command you request by calling your shell, > with the '-c' argument, so if your shell is dynamically linked, sh > will fail to exec it, and your command (sash) won't get run. No, ssh invokes either an interactive shell or the command specified on the command line. Furthermore, if you use ssh2 (and you can use it for administrative purposes only - on a different port) then you can allow root logins from the known and safe locations and force execution of the static shell. You do that by putting a following line in /root/.ssh2/authorization file (there are a lot more security options in that file which you can exploit): Command /bin/sash Note, that for this to work, you need to have PGP or use RSA/DSA authentification. Also, an alternative is to disallow root logins and setup a special, normal user account with the line: Command /bin/static/su -c /bin/sash in his .authorization file. So, as long as sshd2 is in the memory it will allow you to login even if the dynamics are broken on disk. It does fork(2) then an exec(3) of a statically linked binary - no dynamic linking is involved. marek
Attachment:
pgpmWTKN7mffg.pgp
Description: PGP signature