Good time of day!
Is it possible to do one or more of the following, without SELinux or GRSecurity?
1) Configure sshd parameters per-user?
2) Make ~/.ssh and ~/.ssh/authorized_keys writable only by root?
3) Disable tty allocation for a certain user?
4) Only allow certain users to ssh to a restricted set of remote users?
5) Is it possible to specify "forced-command-only" to non-root logins?
6) I want to completely control ssh access by root (or security administrator)
I have a pretty stupid situation:
I have a couple of applicative user accounts.
I have a lot of developers' accounts.
I want to allow developers to ssh between their hosts as themselves.
I want to allow application users to execute remote commands as other applicative users.
I have to allow developers to "sudo -s" to applicative users.
I want to deny developers to ssh as applicative user with interactive shells.
I want to deny applicative users to run interactive commands.
In other words, I want to prevent something like this:
dev@host1$ ssh appl@host2
Permission denied
dev@host1$ ssh host2
dev@host2$ sudo -s -l appl
appl@host2$ cat <dev's pub key> >> .ssh/authorized_keys
appl@host2$ ssh appl@host3
appl@host3$ ...
Thank you in advance!
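
One way to cover items 1 to 5 with stock OpenSSH options, as an added example that is not part of the original post. The group name "applusers", the account name "appl1", the host name and the wrapper path /usr/local/sbin/appl-dispatch are assumptions made for illustration.

```conf
# /etc/ssh/sshd_config fragment (added example; names are constructed)
# Assumptions: application accounts belong to group "applusers" and
# /usr/local/sbin/appl-dispatch is a hypothetical root-owned wrapper.

# (2) Keys are read from a root-owned directory, one file per user:
#       /etc/ssh/authorized_keys/<user>   owner root, mode 0644
#     A user, or a developer who ran "sudo -s" to that user, can no
#     longer append a key, and ~/.ssh/authorized_keys is ignored.
AuthorizedKeysFile /etc/ssh/authorized_keys/%u

# (5) "forced-commands-only" exists only as a PermitRootLogin value.
#     For non-root accounts the equivalent is ForceCommand (below) or
#     a command="..." option on the key line.

# (1) Per-user and per-group settings go in Match blocks, which must
#     come after all global settings.
Match Group applusers
    # (3) Never allocate a pty for application accounts.
    PermitTTY no
    # (5) Every session runs the wrapper; the command the client asked
    #     for arrives in $SSH_ORIGINAL_COMMAND so the wrapper can check
    #     it against an allow-list and refuse an empty (shell) request.
    ForceCommand /usr/local/sbin/appl-dispatch
    PasswordAuthentication no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitUserRC no

# (4) Who may log in as which application user is decided by which
#     public keys root places in that user's key file. A constructed
#     entry for /etc/ssh/authorized_keys/appl1:
#
#   from="host1.example.com",no-pty,no-port-forwarding ssh-ed25519 <public-key> appl2@host1
#
#     Developer keys are simply never added to application key files,
#     so "ssh appl1@host" fails for them while "ssh host" as themselves
#     keeps working.
```

Check the file with `sshd -t` before reloading, and keep an existing root session open until a fresh login has been tested.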