Difference between revisions of "Restricted Shell for SSH Server"
(Created page with "If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands! * Login as root User on the Server * install rbash with: <pre> apt-get in...") |
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands! | If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands! | ||
+ | |||
+ | Remark: rbash is not 100% secure, Server should be never reachable to Consoles from Internet!! | ||
+ | |||
+ | This does not work with installed tmux or screen, cause Users can break out of rbash! | ||
* Login as root User on the Server | * Login as root User on the Server | ||
Line 9: | Line 13: | ||
<pre> | <pre> | ||
mv /bin/bash /bin/oldbash | mv /bin/bash /bin/oldbash | ||
+ | </pre> | ||
+ | * Disable other Shells for User | ||
+ | <pre> | ||
chmod o= /bin/oldbash | chmod o= /bin/oldbash | ||
+ | chmod 700 /bin/sh | ||
+ | chmod 700 /bin/dash | ||
</pre> | </pre> | ||
* create a symlink for rbash to bash | * create a symlink for rbash to bash | ||
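Review bot: The added `chmod 700 /bin/sh` and `chmod 700 /bin/dash` strip group access as well as other, unlike the `chmod o=` used for /bin/oldbash on the line above, and they apply system-wide: every non-root account, and any `#!/bin/sh` script such an account runs, loses its interpreter, not only the restricted SSH user. Suggest using `chmod o=` consistently and stating this side effect in the step text. On Debian /bin/sh is normally a symlink to dash, so the two commands change the same file.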
Line 15: | Line 24: | ||
$ln -s /bin/bash /bin/rbash | $ln -s /bin/bash /bin/rbash | ||
</pre> | </pre> | ||
− | + | * enable rbash by system setting /etc/shells | |
<pre> | <pre> | ||
$echo '/bin/rbash' >> /etc/shells | $echo '/bin/rbash' >> /etc/shells | ||
</pre> | </pre> | ||
− | + | * set user shell to /bin/rbash | |
<pre> | <pre> | ||
$chsh #set user shell to /bin/rbash | $chsh #set user shell to /bin/rbash | ||
</pre> | </pre> | ||
− | + | * Disable "chsh" Change Shell Command for Users | |
<pre> | <pre> | ||
$chmod o= /bin/chsh | $chmod o= /bin/chsh | ||
</pre> | </pre> | ||
− | + | * Login as user and test linux commands.. | |
+ | |||
+ | * Purge tmux and screen Multiplexer if installed! |
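Review bot: `$chsh #set user shell to /bin/rbash` names no user, and the first step says to log in as root, so as written it acts on root's own login shell; suggest `chsh -s /bin/rbash <username>`. Also, `ln -s /bin/bash /bin/rbash` points at a path that the earlier `mv /bin/bash /bin/oldbash` step removed, so the link dangles; the step should state which binary rbash is meant to resolve to.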
Latest revision as of 15:47, 23 May 2017
If you use SSH logins, you can lock down the console to a restricted shell with fewer enabled commands.
Remark: rbash is not 100% secure; the server's consoles should never be reachable from the Internet.
This does not work if tmux or screen is installed, because users can break out of rbash with them.
- Log in as the root user on the server
- Install rbash with:
apt-get install rbash
- Rename bash with:
mv /bin/bash /bin/oldbash
- Disable other shells for the user
chmod o= /bin/oldbash
chmod 700 /bin/sh
chmod 700 /bin/dash
- Create a symlink for rbash to bash
ln -s /bin/bash /bin/rbash
- Enable rbash in the system setting /etc/shells
echo '/bin/rbash' >> /etc/shells
- Set the user shell to /bin/rbash
chsh #set user shell to /bin/rbash
- Disable the "chsh" (change shell) command for users
chmod o= /bin/chsh
- Log in as the user and test Linux commands.
- Purge the tmux and screen multiplexers if installed.
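
To check the result of the steps above, here is an added example (not part of the original wiki page) that audits the lockdown for one user and reports each gap. The function names and the optional `ROOT` argument are hypothetical. It assumes the restricted user reaches these files through the "other" permission bits and that tmux and screen would be installed under /usr/bin. It also reports a /bin/rbash symlink whose target no longer exists, which is what `ln -s /bin/bash /bin/rbash` produces once /bin/bash has been renamed.

```shell
#!/bin/sh
# Added example: audit the lockdown steps from this page for one user.
# ROOT is a hypothetical parameter (default: the live system) so the
# checks can also be pointed at a test tree.

# other_can_exec PATH: true if PATH exists (symlinks followed) and its
# "other" execute bit is set, i.e. an ordinary user could run it.
other_can_exec() {
    [ -e "$1" ] && [ -n "$(find -L "$1" -maxdepth 0 -perm -001 2>/dev/null)" ]
}

# audit_rbash USER [ROOT]: prints one FAIL line per finding and
# returns the number of findings (0 = lockdown looks complete).
audit_rbash() {
    user=$1 root=${2:-} fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # The login shell is field 7 of the user's passwd entry.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$root/etc/passwd")
    [ "$shell" = /bin/rbash ] || fail "login shell of $user is '$shell'"

    # A symlink to a renamed /bin/bash dangles, so the login shell cannot start.
    if [ ! -e "$root/bin/rbash" ]; then
        fail "/bin/rbash is missing or a dangling symlink"
    elif ! other_can_exec "$root/bin/rbash"; then
        fail "/bin/rbash is not executable by users"
    fi
    grep -qx /bin/rbash "$root/etc/shells" 2>/dev/null ||
        fail "/bin/rbash is not listed in /etc/shells"

    # Unrestricted shells and chsh must be closed to "other".
    for f in /bin/oldbash /bin/sh /bin/dash /bin/chsh; do
        if other_can_exec "$root$f"; then fail "$f is executable by users"; fi
    done

    # The page warns that rbash does not hold with tmux or screen installed.
    for f in /usr/bin/tmux /usr/bin/screen; do
        if [ -e "$root$f" ]; then fail "$f is installed"; fi
    done
    return "$fails"
}
```

Source the file as root and run `audit_rbash <username>`; the exit status is the number of findings.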