I have a program that I want certain users to access. I want access to that program to be secure (so what is typed and sent back is encrypted). The program is an admin shell for the server. It will give the user the ability to perform various tasks, like catting a particular file, running screen, running uptime, mail commands, and a bit of socket manipulation.

If push comes to shove, I’ll implement this as a web application. But there are certain things (like the screen functionality) which are really best done via my preferred option, SSH. However, SSH seems to open up too many security issues.

For example…

Is there anyway I can prevent the user from accessing anything else besides that one program?

I can set their login (in /etc/passwd) so they run my script on login. But I understand there are ways to bypass this (at least, it can be bypassed if they run su). Or perhaps they use the SSH connection to just run a command (vs. opening a shell).

Also, if I give them ssh access, can I prevent them from having scp access?

Is there a way to ensure that any ssh-related access is via a chrooted environment?

And I’ve probably missed a bunch of other issues as well.

Does anyone have any suggestions for providing ‘locked down’ SSH access (URLs or details appreciated). Or should I break out the PHP and go for a web application?

I'd go php - can still use ssl if you want crypto.

PHP will do about 95% of what I need. And it's 'known'. However, ideally I want to run screen which isn't something that php can wrap. So PHP (over SSL) is still plan B.