> Can we restrict which users can use > ssh and which can't? For the rest of the users, we're using a > restricted shell with telnet, but with ssh, we haven't found a way to > prevent ssh from allowing a shell command (e.g. ssh <host> ls -l) and > forcing the user to only go through the menu.
Probably not without hacking the ssh sources.
Tunnel the restricted-shell Telnet through an ssh connection? Chroot the users? Put the sensitive commands in a directory (adjusting the appropriate PATH variables), put all the non-restricted users in a group, chgrp the directory to that, and sever all user/other priviledges for the directory?
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
