Hi Peter,

What I am looking for is an SSHD configuration where every successfully
authenticated connection is also guaranteed to lead to a ForcedCommand
invocation.

Currently I understand this to be the case only for the connections that
open a channel to deliver a terminal, command or SFTP (I don't know if you
have a collective name for such non-forwarding channels).

Is this possible?

Do you feel that it is a relevant feature?

Thanks,
Tinker

On 2015-11-26 08:10, Peter Stuge wrote:
> Tinker wrote:
>> I tried with all available options to disable forwarding-only
>> connections, by:
>>
>> "AllowAgentForwarding no
>> AllowTcpForwarding no"
>>
>> This had no effect, so what I got in effect was dummy connections.
>
> The above two options combined with X11Forwarding no added to your
> sshd_config will disallow all forwarding.
>
> Please explain what you mean by "dummy" above?
>
>> I would like to disable this "class" of connections altogether.
>
> Note that a forwarding is not a connection, but a channel. One
> connection can have several channels.
>
>> The outcome will be that all authenticated connections will lead to
>> a command, be it /usr/libexec/sftp-server or other.
>
> The above three options should do just that. If it's not working as
> you want then please provide debug log output from the sshd where you
> have added the three above configuration statements, when a client
> connects to it and is able to open a forwarding channel. That would
> be a bug.
>
> //Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
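
An added example, not part of the original thread and not OpenSSH code: a Python audit of sshd_config text for the three forwarding options named above plus ForceCommand. It goes beyond the thread by applying sshd's first-value-wins rule and by checking Match blocks; the function names and the sample config (including `Match User backup`) are constructed, and Include files are not followed.

```python
import re

# Required value per option from the thread, and upstream sshd defaults
# that apply when a keyword is absent from the file.
REQUIRED = {"allowagentforwarding": "no", "allowtcpforwarding": "no",
            "x11forwarding": "no"}
DEFAULTS = {"allowagentforwarding": "yes", "allowtcpforwarding": "yes",
            "x11forwarding": "no", "forcecommand": "none"}
LINE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def parse(text):
    """Split into global settings and Match blocks (first value per keyword wins)."""
    glob, blocks, cur = {}, [], None
    for raw in text.splitlines():
        if not (m := LINE.match(raw.strip())):   # blank line or comment
            continue
        key, val = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":          # every later line belongs to this block
            cur = {}
            blocks.append((val, cur))
        else:
            (glob if cur is None else cur).setdefault(key, val)
    return glob, blocks

def audit(text):
    """Return a list of findings; an empty list means the text passes."""
    glob, blocks = parse(text)
    eff = {**DEFAULTS, **glob}
    findings = [f"global: {k} is '{eff[k]}', expected '{want}'"
                for k, want in REQUIRED.items() if eff[k].lower() != want]
    if eff["forcecommand"].lower() == "none":
        findings.append("global: no ForceCommand set")
    for cond, opts in blocks:
        for k, want in REQUIRED.items():
            if k in opts and opts[k].lower() != want:
                findings.append(f"Match {cond}: {k} re-enabled as '{opts[k]}'")
        if opts.get("forcecommand", "").lower() == "none":
            findings.append(f"Match {cond}: ForceCommand cleared")
    return findings

# Constructed sample input (not from the thread).
SAMPLE = """\
AllowAgentForwarding no
AllowTcpForwarding no
AllowTcpForwarding yes
X11Forwarding=yes
ForceCommand /usr/libexec/sftp-server
Match User backup
    AllowTcpForwarding local
"""
```

Calling `audit(SAMPLE)` reports the global X11Forwarding value and the Match block that re-enables TCP forwarding; the duplicate `AllowTcpForwarding yes` is ignored because the earlier value wins. The output of `sshd -T` can be passed to `audit` as well, since keywords are compared case-insensitively.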