I appreciate all the answers, but none of addresses the issue of not being able to address the filesystem. I understand that complexity increases, but would it be less secure to add some builtin commands / function some way? IF I am logged in and allowed to spawn bash, why couldn't I also be allowed to run (some given) commands that are preloaded or hardcoded in the daemon. The reboot example is probably the most important one. Would it really be so dangerous to program a builtin reboot command into ssh, in order to reboot a system that has lost file access? I think a good discussion on the topic here could prove valuable. You could of course drag this too far an build busybox into ssh, but some of the SysRqs could probably be made accessible to sshd. Just having a builtin "echo" and I good do something like "echo b > /proc/sysrq-trigger". Maybe add sysrqd functionality? I am not saying this is necessary or that it doesn't raise concerns, I am saying this could be really helpful if it could be implemented well. Kind regards, bahner fre. 24. jul. 2015 kl. 00.09 skrev Eric Wedaa <Eric.Wedaa@xxxxxxxxxx>: > And of course there's always the old standby in /etc/passwd (obviously > change the account name) > > secretshutdown:x:0:0:root:/root:/sbin/shutdown > > And it presupposes that root logins are allowed (which is asking for > trouble). > > >>>Ericw > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev