Difference between revisions of "Restricted Shell for SSH Server"

From wiki.linuxonlinehelp.eu
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands!
 
If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands!
 +
 +
Remark: rbash is not 100% secure, Server should be never reachable to Consoles from Internet!!
  
 
This does not work with installed tmux or screen, cause Users can break out of rbash!
 
This does not work with installed tmux or screen, cause Users can break out of rbash!
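Review bot: The added remark "rbash is not 100% secure, Server should be never reachable to Consoles from Internet!!" gives the reader no reason and no clear action. Say plainly that rbash is not a security boundary and that SSH logins on this server must not be exposed to the Internet, and point to the tmux/screen line directly below it as one example of why. While touching this block, "restriced" in the first sentence should be "restricted".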
Line 11: Line 13:
 
<pre>
 
<pre>
 
mv /bin/bash /bin/oldbash
 
mv /bin/bash /bin/oldbash
 +
</pre>
 +
* Disable other Shells for User
 +
<pre>
 
chmod o= /bin/oldbash
 
chmod o= /bin/oldbash
 +
chmod 700 /bin/sh
 +
chmod 700 /bin/dash
 
</pre>
 
</pre>
 
* create a symlink for rbash to bash
 
* create a symlink for rbash to bash
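Review bot: The added lines "chmod 700 /bin/sh" and "chmod 700 /bin/dash" sit under the bullet "Disable other Shells for User", but mode 700 removes execute permission for every account except the owner, not only the restricted user. Any script or service that runs /bin/sh under a non-root account will stop working, so either document that side effect next to the commands or restrict by group instead of by "others". Also note that after "mv /bin/bash /bin/oldbash" the path /bin/bash no longer exists, so the following bullet "create a symlink for rbash to bash" should state which path the link is meant to target.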
Line 25: Line 32:
 
$chsh  #set user shell to /bin/rbash
 
$chsh  #set user shell to /bin/rbash
 
</pre>
 
</pre>
* Disable "chsh" command for users
+
* Disable "chsh" Change Shell Command for Users
 
<pre>
 
<pre>
 
$chmod o= /bin/chsh
 
$chmod o= /bin/chsh
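Review bot: The context line "$chsh  #set user shell to /bin/rbash" names neither the account nor the shell, so run as root it would prompt to change root's own shell; spell it out, for example "chsh -s /bin/rbash USERNAME". In both "$chsh" and "$chmod o= /bin/chsh" the prompt character is glued to the command, so a reader who pastes the line gets a variable expansion instead of the command. Drop the "$" or separate it with a space, consistent with the mv and chmod lines earlier on the page.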

Latest revision as of 15:47, 23 May 2017

If you use SSH logins, you can lock down the console to a restricted shell with fewer commands enabled!

Remark: rbash is not 100% secure; the server's consoles should never be reachable from the Internet!!

This does not work if tmux or screen is installed, because users can break out of rbash!

  • Log in as the root user on the server
  • Install rbash with:
apt-get install rbash
  • Rename bash with:
mv /bin/bash /bin/oldbash
  • Disable other shells for the user
chmod o= /bin/oldbash
chmod 700 /bin/sh
chmod 700 /bin/dash
  • Create a symlink for rbash to bash
ln -s /bin/bash /bin/rbash
  • Enable rbash in the system setting /etc/shells
echo '/bin/rbash' >> /etc/shells
  • Set the user's shell to /bin/rbash
chsh -s /bin/rbash USERNAME   # set user shell to /bin/rbash; USERNAME is a placeholder for the account to restrict
  • Disable the "chsh" (change shell) command for users
chmod o= /bin/chsh
  • Log in as the user and test Linux commands.
  • Purge the tmux and screen multiplexers if installed!
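
To check the result of the steps above, the following script (an added example, not part of the original wiki page) verifies the login shell, the permissions on the other shells and chsh, and the absence of tmux and screen; it also flags a /bin/rbash that no longer resolves after /bin/bash has been renamed. The function names and the ROOT path-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the lockdown above. ROOT is a path prefix ("" on a live
# system), an assumption of this sketch so the checks can also run on a copy.

# Print the login shell (7th passwd field) of USER from passwd file FILE.
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# True if "others" may execute PATH (symlinks followed, as chmod does).
other_can_exec() {
    [ -e "$1" ] || return 1
    perm=$(ls -ldL -- "$1" | cut -c1-10)
    case "$perm" in ?????????[xt]) return 0 ;; *) return 1 ;; esac
}

# Print one FAIL line per finding; succeed only if there are none.
audit_user() {
    passwd=$1; user=$2; root=$3; findings=0
    shell=$(login_shell "$passwd" "$user")
    if [ "$shell" != /bin/rbash ]; then
        echo "FAIL: login shell of $user is '${shell:-unset}', not /bin/rbash"
        findings=$((findings + 1))
    elif [ ! -x "$root/bin/rbash" ]; then
        # Happens when rbash still points at the renamed /bin/bash.
        echo "FAIL: /bin/rbash is missing, dangling or not executable"
        findings=$((findings + 1))
    fi
    for dir in bin usr/bin; do
        [ -L "$root/$dir" ] && continue   # merged /usr: check each file once
        for name in sh dash oldbash chsh; do
            if other_can_exec "$root/$dir/$name"; then
                echo "FAIL: /$dir/$name is executable by others"
                findings=$((findings + 1))
            fi
        done
        for name in tmux screen; do
            if [ -e "$root/$dir/$name" ]; then
                echo "FAIL: /$dir/$name is installed (rbash breakout path)"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}

# Usage on a live system, as root:  audit_user /etc/passwd alice ""
```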