#!/bin/sh
#
# This script checks to make sure that an incoming SSH command is a
# permitted command, and executes it if it is. If not, the script
# simply exits, which will cause a read timeout at the other end of
# the connection.
#
# Audit log for every wrapped SSH invocation; all messages below append here.
LOGFILE="$HOME/.log/ssh.check"
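#######################################
# Run the client's requested command if it is exactly the permitted one.
# Globals:   SSH_ORIGINAL_COMMAND (read) - command string sent by the client
#            LOGFILE (read)              - file the verdict is appended to
# Arguments: $1 - one permitted command line
# Returns:   1 when the request is rejected. On a match the shell is
#            replaced by the command, so the function does not return
#            in the normal case.
#######################################
check_run () {
  # An empty allow-list entry (blank or unreadable file) must never match:
  # otherwise a session that sends no command would be logged as "OK".
  if [ -z "${1:-}" ] || [ "$SSH_ORIGINAL_COMMAND" != "$1" ]; then
    echo "Command REJECTED!" >> "$LOGFILE"
    return 1
  fi
  echo "Command OK!" >> "$LOGFILE"
  # Deliberately unquoted: the approved string is split into command and
  # arguments. It is never handed to a shell parser, so quotes, pipes and
  # redirections inside it are not interpreted; pathname expansion still
  # applies, so keep glob characters out of allow-list entries.
  exec $SSH_ORIGINAL_COMMAND
}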
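# Record when the connection arrived and what the client asked to run.
/bin/date >> "$LOGFILE"
# SSH_ORIGINAL_COMMAND is client-supplied; printf '%s' writes it without the
# backslash-escape processing some /bin/sh echo builtins apply.
printf 'Remote command: %s\n' "${SSH_ORIGINAL_COMMAND}" >> "$LOGFILE"
if [ -d "${HOME}/.ssh_wrap" ]; then
  # Each file in ~/.ssh_wrap holds one permitted command on its first line.
  for allowed in "${HOME}"/.ssh_wrap/*
  do
    # An empty directory leaves the glob pattern unexpanded; skip anything
    # that is not a regular file instead of passing it to head.
    [ -f "${allowed}" ] || continue
    # Quoted so the whole first line reaches check_run as one argument.
    # Unquoted, only its first word was compared (so a multi-word entry
    # permitted the bare first word instead) and glob characters in the
    # file were expanded against the current directory.
    check_run "$(head -n 1 "${allowed}")"
  done
else
  echo "No commands allowed!" >> "$LOGFILE"
fi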