Diffstat (limited to 'z-distfiles/scripts-gw/ssh_wrapper')
-rwxr-xr-x | z-distfiles/scripts-gw/ssh_wrapper | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/z-distfiles/scripts-gw/ssh_wrapper b/z-distfiles/scripts-gw/ssh_wrapper
new file mode 100755
index 0000000..0d9a7b4
--- /dev/null
+++ b/z-distfiles/scripts-gw/ssh_wrapper
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# This script checks to make sure that an incoming SSH command is a
+# permitted command, and executes it if it is. If not, the script
+# simply exits, which will cause a read timeout at the other end of
+# the connection.
+#
+LOGFILE=${HOME}/.log/ssh.check
+
+check_run () {
+ if [ "$SSH_ORIGINAL_COMMAND" = "$1" ]; then
+ echo "Command OK!" >> $LOGFILE
+ exec $SSH_ORIGINAL_COMMAND
+ return 0
+ fi
+ echo "Command REJECTED!" >> $LOGFILE
+ return 1
+}
+
+/bin/date >> $LOGFILE
+echo "Remote command: ${SSH_ORIGINAL_COMMAND}" >> $LOGFILE
+
+if [ -d "${HOME}/.ssh_wrap" ]; then
+ for allowed in ${HOME}/.ssh_wrap/*
+ do
+ check_run `head -n 1 "${allowed}"`
+ done
+else
+ echo "No commands allowed!" >> $LOGFILE
+fi |
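Review bot: The `check_run` call inside the `for` loop passes an unquoted command substitution, so the allow-list line is word-split and glob-expanded and only its first word reaches `$1`. An entry that carries arguments is then matched by its first word alone, which is not the exact-match check the header comment describes. Quoting it restores the comparison against the whole line: `check_run "$(head -n 1 "${allowed}")"`. In `check_run`, `exec $SSH_ORIGINAL_COMMAND` needs the word splitting but also undergoes pathname expansion, so a `set -f` just before the `exec` would stop an approved string from expanding against the working directory. The client-supplied value is logged with `echo`, which some `/bin/sh` implementations expand backslash escapes in; `printf '%s\n' "Remote command: ${SSH_ORIGINAL_COMMAND}" >> "$LOGFILE"` keeps escapes from forging log lines.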