Difference between revisions of "Restricted Shell for SSH Server"
Jump to navigation
Jump to search
| Line 16: | Line 16: | ||
$ln -s /bin/bash /bin/rbash | $ln -s /bin/bash /bin/rbash | ||
</pre> | </pre> | ||
| − | + | * enable rbash by system setting /etc/shells | |
<pre> | <pre> | ||
$echo '/bin/rbash' >> /etc/shells | $echo '/bin/rbash' >> /etc/shells | ||
</pre> | </pre> | ||
| − | + | * set user shell to /bin/rbash | |
<pre> | <pre> | ||
$chsh #set user shell to /bin/rbash | $chsh #set user shell to /bin/rbash | ||
</pre> | </pre> | ||
| − | + | * Disable "chsh" command for users | |
<pre> | <pre> | ||
$chmod o= /bin/chsh | $chmod o= /bin/chsh | ||
</pre> | </pre> | ||
| − | + | * Login as user and test linux commands.. | |
| − | + | ||
| + | * Purge tmux and screen Multiplexer if installed! | ||
Revision as of 15:38, 23 May 2017
If you use SSH Logins you can lock down the Console to a restriced shell with less enabled commands! This does not work with installed tmux or screen, cause Users can break out of rbash!
- Login as root User on the Server
- install rbash with:
apt-get install rbash
- rename bash by:
mv /bin/bash /bin/oldbash chmod o= /bin/oldbash
- create a symlink for rbash to bash
$ln -s /bin/bash /bin/rbash
- enable rbash by system setting /etc/shells
$echo '/bin/rbash' >> /etc/shells
- set user shell to /bin/rbash
$chsh #set user shell to /bin/rbash
- Disable "chsh" command for users
$chmod o= /bin/chsh
- Login as user and test linux commands..
- Purge tmux and screen Multiplexer if installed!