Date: Wed, 1 Oct 1997 22:52:54 -0400 (EDT) From: "Joe \"Marcus\" Clarke" <jmcla@ocala.cs.miami.edu> To: Michael Richards <026809r@dragon.acadiau.ca> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Secure Shell as a script Message-ID: <Pine.SGI.3.96.971001225034.2618A-100000@ocala.cs.miami.edu> In-Reply-To: <199710020049.VAA22050@dragon.acadiau.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
The only thing I would change, would be make the operative line: exec telnet -E gragon.acadiau.ca This will replace the sh proc with the telnet proc. Saves you a process. -Joe Clarke On Wed, 1 Oct 1997, Michael Richards wrote: > Does anyone know of security considerations of setting up a user as a shell > as follows: > > set the shell to: > /usr/local/bin/DragonShell > > This DragonShell contains the following: > !/bin/sh > > telnet -E dragon.acadiau.ca > > Basically it is just to allow a user to telnet from the console of a box, > but not to allow them shell access to that same box. > (The -E switch does not allow them to use ^] to get to the telnet> prompt > and try to execute a shell from there. > > Also, that sets the shell type to cons25. Does anyone know how to make this > speak vt100? would the soluton be to add some line like > set TERM = "vt100" before the telnet line in that script? Or is it more > complicated than that? > > Basically what I am doing is making this a public dumb terminal that will > allow them to log in and use another host. > > Any help would be appreciated... Thanks > -Mike >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.96.971001225034.2618A-100000>