2062 – Add support for a ForceShell sshd option

Bug 2062 - Add support for a ForceShell sshd option

Summary: Add support for a ForceShell sshd option

Status:	NEW

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-01-15 07:34 AEDT by Iain Morgan
Modified:	2020-01-25 17:53 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add a ForceShell option to override the user's shell (4.83 KB, patch) 2013-01-15 07:34 AEDT, Iain Morgan	no flags	Details \| Diff
Updated patch (4.56 KB, patch) 2015-01-28 09:22 AEDT, Iain Morgan	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Iain Morgan 2013-01-15 07:34:26 AEDT

Created attachment 2207 [details]
Add a ForceShell option to override the user's shell

This patch adds a ForceShell option to sshd to override the user's shell. This can be used in a Match block to conditionally replace the user's shell with a restricted shell such as rksh, scponly or authpf.

For example,

    Match Address !192.168.10.0/24
        ForceShell    /usr/sbin/authpf

This provides more flexibility than merely changing the user's shell in the passwd file. It also makes it possible to override the shell when LDAP or NIS is used for user information.

Comment 1 Iain Morgan 2015-01-28 09:22:20 AEDT

Created attachment 2535 [details]
Updated patch

Comment 2 Damien Miller 2020-01-25 17:53:58 AEDT

AFAIK it's possible to do this via ForceCommand already, as it receives the original command-line from the client as $SSH_ORIGINAL_COMMAND