
For, um, historic reasons, we have a C program for HPUX which accepts telnet connections, and runs a home-grown REPL that restricts the commands available.

Rather than port this code to Linux, I'd like to get effectively the same functionality using standard tools.

Simple, you say - just make a user with bash --restricted as its default shell.

However we want the restricted shell to have an effective userid of "user1", and for it to be accessible without a password. Meanwhile we'd like "user1" to behave normally when accessed in the conventional manner.

I think it would be OK -- desirable even -- if SSH was the comms protocol instead of telnet.

Any ideas?

slim
  • Some interesting article explaining why restricted shell should be used carefully http://pen-testing.sans.org/blog/pen-testing/2012/06/06/escaping-restricted-linux-shells –  Aug 22 '13 at 15:26
  • I don't think you are going to be able to get SSH to work completely without authentication. It probably wouldn't be too hard to get telnetd set up, and you can encapsulate that in SSL. – Zoredache Aug 23 '13 at 00:00

0 Answers