[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-www
Subject:    SSH and nopty
From:       Richard Heasman <richard.heasman () sse ! com>
Date:       2014-02-17 9:29:43
Message-ID: OF4E9A3252.B97DB974-ON80257C82.0033C849-80257C82.003428CE () sse ! com
[Download RAW message or body]

Good morning,

Firstly, thanks for your ongoing development and good work.

I have a question that I would like to pose to you, as I have not found 
any satisfactory answer despite long research. 

Background:
We use ssh keys to distribute code and run commands. These are 
appropriately controlled and logged. However I wish to stop 
users/administrators using these as a back-door to the other systems. I 
have configured the "notty" option on the authorised_keys file, yet this 
still does not prevent the following:

ssh SERVER ksh

This will not return a prompt but will allow commands to be run 
interactively. 

Do you have any recommendation / setting that would prevent this?

Regards,

Richard Heasman 
Infrastructure

SSE | 4 Penner Road, Havant, Hants, PO9 1QH, UK

Direct: +44 (023) 9227 7564 / 37564     
www.sse.com 

How did I do? Please press one of the following buttons to provide 
feedback about the response I gave you today.
More than I expected, thanks very much.
Good stuff, thanks!
Solid standard responses.
My performance is fine, but you don't like / agree with the answer you've 
got from me.
Got there in the end.
I'll work on these!
Registered Office: Inveralmond House 200 Dunkeld Road Perth PH1 3AQ
Registered in Scotland No. SC117119
www.sse.com

**********************************************************************

[demime 1.01d removed an attachment of type image/jpeg]

[prev in list] [next in list] [prev in thread] [next in thread]