Bug#798639: ITP: restricted-ssh-commands -- Restrict SSH users to a predefined set of commands
Package: wnpp
Severity: wishlist
Owner: Benjamin Drung <benjamin.drung@profitbricks.com>
* Package name : restricted-ssh-commands
Version : TBD
Upstream Author : Benjamin Drung <benjamin.drung@profitbricks.com>
* URL : TBD
* License : MIT
Programming Lang: Bash
Description : Restrict SSH users to a predefined set of commands
restricted-ssh-commands is intended to be called by SSH to restrict a
user to only run specific commands. A list of allowed regular
expressions can be configured in /etc/restricted-ssh-commands/. The
requested command has to match at least one regular expression.
Otherwise it will be rejected.

restricted-ssh-commands is useful to grant restricted access via SSH to
do certain tasks. For example, it could allow a user to upload Debian
packages via scp and run reprepro processincoming.

Create a configuration file in /etc/restricted-ssh-commands/ and add
the following line to ~/.ssh/authorized_keys to use it:
command="/usr/bin/restricted-ssh-commands",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
restricted-ssh-commands is a small shell script, which I use for dput
uploads and safe reboots. I found no other tool that fit into this
niche. rssh and rbash are related, but behave slightly differently. Let me
know if you know a similar tool. Otherwise I will write the man page,
create a package, and release it.
--
Benjamin Drung
System Developer
Debian & Ubuntu Developer
ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin
Email: benjamin.drung@profitbricks.com
URL: http://www.profitbricks.com
Registered office: Berlin.
Register court: Amtsgericht Charlottenburg, HRB 125506B.
Managing directors: Andreas Gauger, Achim Weiss.
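
Added example (not part of the original message, and not the restricted-ssh-commands script itself): a POSIX sh function for the check the description outlines, where the command requested over SSH must match at least one configured regular expression or be rejected. The rule-file format (one extended regex per line), the /srv/incoming path and all sample rules and commands are assumptions constructed for illustration; the over-broad rule is there to show why each expression should pin down the whole command.

```shell
#!/bin/sh
# Added illustration; not the restricted-ssh-commands script itself.
# Assumption: a rule file holds one POSIX extended regex per line,
# with blank lines and '#' comment lines ignored.

# is_allowed RULE_FILE COMMAND
# Returns 0 only if COMMAND matches one rule over its whole length.
is_allowed() {
    rules=$1
    cmd=$2
    # sshd leaves SSH_ORIGINAL_COMMAND empty for an interactive login.
    [ -n "$cmd" ] || return 1
    # grep works line by line, so refuse embedded newlines rather than
    # let one harmless line carry the rest of the command through.
    case $cmd in
        *'
'*) return 1 ;;
    esac
    [ -r "$rules" ] || return 1    # unreadable rule file: fail closed
    while IFS= read -r regex || [ -n "$regex" ]; do
        case $regex in ''|'#'*) continue ;; esac
        # -x anchors the rule at both ends, so "allowed; extra" fails.
        if printf '%s\n' "$cmd" | grep -Eqx -e "$regex"; then
            return 0
        fi
    done < "$rules"
    return 1
}

# Constructed sample rules: a tight set and one over-broad rule.
strict=$(mktemp); loose=$(mktemp)
trap 'rm -f "$strict" "$loose"' EXIT
cat > "$strict" <<'EOF'
# upload into one directory, then process the incoming queue
scp -t -- /srv/incoming/[A-Za-z0-9][A-Za-z0-9_.+~-]*
reprepro processincoming
EOF
printf '%s\n' 'scp .*' > "$loose"

# In a forced command, the string to check is $SSH_ORIGINAL_COMMAND.
for c in 'reprepro processincoming' \
         'scp -t -- /srv/incoming/hello_1.0_amd64.changes' \
         'scp -t -- /srv/incoming/x; id' ''; do
    if is_allowed "$strict" "$c"; then s=ALLOW; else s=REJECT; fi
    if is_allowed "$loose" "$c"; then l=ALLOW; else l=REJECT; fi
    echo "strict=$s loose=$l [$c]"
done
```

The third sample command passes the over-broad rule and fails the tight one; if an accepted string is later handed to a shell (an assumption about how such a wrapper would run it), only the tight rule keeps the trailing part from executing.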