
Bug#798639: ITP: restricted-ssh-commands -- Restrict SSH users to a predefined set of commands

Package: wnpp
Severity: wishlist
Owner: Benjamin Drung <benjamin.drung@profitbricks.com>

* Package name    : restricted-ssh-commands
  Version         : TBD
  Upstream Author : Benjamin Drung <benjamin.drung@profitbricks.com>
* URL             : TBD
* License         : MIT
  Programming Lang: Bash
  Description     : Restrict SSH users to a predefined set of commands

restricted-ssh-commands is intended to be called by SSH to restrict a
user to only run specific commands. A list of allowed regular
expressions can be configured in /etc/restricted-ssh-commands/. The
requested command has to match at least one regular expression.
Otherwise it will be rejected.

restricted-ssh-commands is useful to grant restricted access via SSH to
do certain tasks. For example, it could allow a user to upload Debian
packages via scp and run reprepro processincoming.

Create a configuration file in /etc/restricted-ssh-commands/ and add
the following line to ~/.ssh/authorized_keys to use it:

    command="/usr/bin/restricted-ssh-commands",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]

restricted-ssh-commands is a small shell script, which I use for dput
uploads and safe reboots. I found no other tool that fit into this
niche. rssh and rbash are related, but behave slightly differently. Let me
know if you know a similar tool. Otherwise I will write the man page,
create a package, and release it.

Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@profitbricks.com
URL:  http://www.profitbricks.com

Registered office: Berlin.
Commercial register: Amtsgericht Charlottenburg, HRB 125506B.
Managing directors: Andreas Gauger, Achim Weiss.
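
The check described in the announcement (a forced command that accepts the requested command only if it matches a configured regular expression), as an added example; it is not the restricted-ssh-commands script itself. The rule file format, the function names and the sample rules are assumptions made for illustration.

```shell
# Added example: allow-list gate for an SSH forced command.
# Assumed rule file format (hypothetical): one POSIX extended regex per
# line; blank lines and lines starting with '#' are ignored.

# Constructed sample rules for the upload use case from the announcement.
write_sample_config() {
    cat <<'EOF'
# scp upload into one fixed directory, then process the upload queue
scp( -[dprv])* -t /srv/incoming/?
reprepro processincoming [a-z]+
EOF
}

# is_allowed COMMAND RULE_FILE: exit status 0 if some rule matches.
is_allowed() {
    cmd=$1
    rules=$2
    nl='
'
    # An empty command means a login shell was requested. A newline would
    # let a line-oriented matcher approve the first line only. Reject both.
    [ -n "$cmd" ] || return 1
    case $cmd in *"$nl"*) return 1 ;; esac
    while IFS= read -r re || [ -n "$re" ]; do
        case $re in ''|'#'*) continue ;; esac
        # -x makes each rule match the whole command, so a rule written
        # without ^...$ cannot approve a command with text appended.
        if printf '%s\n' "$cmd" | grep -E -x -q -e "$re"; then
            return 0
        fi
    done < "$rules"
    return 1
}

# gate RULE_FILE: decide on the command sshd put in the environment.
gate() {
    if is_allowed "${SSH_ORIGINAL_COMMAND-}" "$1"; then
        echo "allow"     # a real wrapper would run the command here
    else
        echo "reject"
        return 1
    fi
}

# Demo on the constructed rules; prints "allow".
demo_rules=$(mktemp) && write_sample_config > "$demo_rules"
( SSH_ORIGINAL_COMMAND='reprepro processincoming default'; gate "$demo_rules" )
rm -f "$demo_rules"
```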
