I'm trying to set up an environment where a number of users in a certain group can SSH into a server and then execute a set of predefined commands on it, using either a key exchange or a password.
So far I've been told to look into the authorized_keys "commands" section, but as far as I can tell this is only useful for non-human users.
Is there a way to either blacklist or whitelist a number of commands for a certain user group?
For example, users in group X should be able to ls, /etc/init.d, rm, but nothing else.
Best Answer
You will need to create a restricted command shell in the script language of your choice, then set up sshd to force usage of this restricted shell for the group you specify.
Example 8-1 and other following parts of O'Reilly's SSH, The Secure Shell Chapter 8 show ways to do the former.
For the latter, see the Match directive description in sshd_config(5). As an example, you could add the following to /etc/ssh/sshd_config:
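A restricted command shell of the kind the answer describes (the first of its two steps), as an added example that is not part of the original answer or of the book it cites: a POSIX sh wrapper that sshd would run through ForceCommand, checking SSH_ORIGINAL_COMMAND against an allowlist and executing the request without a shell. The allowlist contents and the function names check_command and run_request are assumptions.

```sh
#!/bin/sh
# Added example: command allowlist wrapper meant to be run by sshd's ForceCommand.
# The allowlist mirrors the commands named in the question (assumption).
LC_ALL=C; export LC_ALL
PATH=/usr/bin:/bin; export PATH
ALLOWED_PROGRAMS="ls rm"        # bare program names, resolved via the fixed PATH
ALLOWED_DIR="/etc/init.d/"      # any script directly inside this directory

# check_command STRING: return 0 if the requested command line is permitted.
check_command() {
    cmd=$1
    [ -n "$cmd" ] || return 1
    # Allow only letters, digits, space and . _ / - so that no shell
    # metacharacter, quote, tab or newline can reach the command line.
    case $cmd in
        *[!A-Za-z0-9._/\ -]*) return 1 ;;
    esac
    set -f              # no globbing while splitting into words
    set -- $cmd
    set +f
    prog=$1
    for allowed in $ALLOWED_PROGRAMS; do
        if [ "$prog" = "$allowed" ]; then return 0; fi
    done
    case $prog in
        "$ALLOWED_DIR"*/*) return 1 ;;     # no subdirectories or ../ escapes
        "$ALLOWED_DIR"?*)  return 0 ;;
    esac
    return 1
}

# run_request: execute the client's command without passing it to a shell.
run_request() {
    if check_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"
    fi
    echo "command not permitted" >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command;
# an interactive login leaves it unset, so nothing runs and the session ends.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    run_request
fi
```

Arguments are only character-filtered, so rm can still delete any file the account has permission to remove; file permissions remain the real boundary.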