SSH

opnine · 03-08-2018, 06:20 AM

Hello,

I have 2 users
Temp1
Temp2

I want to configure that this user only has one ssh connection, example:
Temp1 is already connected and if someone tries to connect again with Temp1 it will be rejected.

Also I need to know how I can limit users Temp so they can just execute only a few commands.

Thanks.

sundialsvcs · 03-08-2018, 06:38 AM

Well, that's not necessarily a good thing to do. If sshd thinks that you still have a session going, but you don't, then this can

lock you out

of a remote machine. Very messy.

opnine · 03-08-2018, 08:06 AM

hello
the ssh connection I just got it fixed, what im having issue is how to configure the users to only execute and restrict commands.

thansk.

Turbocapitalist · 03-08-2018, 11:51 AM

As you've probably seen, to limit SSH login to specific users, put them in a group and then set AllowGroups in sshd_config accordingly.

If you want to limit which programs an account can use while logged, that is much harder and you must turn to rbash or rksh. That's just the first step.

The second step is to make a read-only directory, say /usr/local/rbin, and populate it with links (symbolic or hardlinks) to only the programs that the restricted account would be allowed to, and needs to, run.

The next step is to set $PATH for the restricted user and remove the ability to write to the home directory and .basrc and .profile especially. The other files and directories can be writeable but it is essential that the restricted account be unable to modify $PATH. If it is too undesirable to limit the home directory permissions, then you'll have to modify /etc/profile, /etc/profile.d/*, and /etc/bash.bashrc instead. That might be trickier unless you are familiar with shell scripting.

It's doable but just be sure to test a bit.

opnine · 03-08-2018, 12:05 PM

thanks all for the help but still need to understand how.