-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathforced_cmd.sh
33 lines (30 loc) · 1.1 KB
/
forced_cmd.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/bin/sh
###############################################################################
# Author: Michael Grubb - mgrubb
#
# Purpose: This script provides serves both a concrete and abstract
# example of how to define a forced command wrapper for SSH-1 & SSH-2
#
# Details: This forced command wrapper will examine the basename of the
# requested command, and compare it to a list of well-known shell names.
# If the request is for a well-known shell then it will be denied.
###############################################################################
# SSH-1 and SSH-2 use different variables
# This normalizes the data into one variable.
SSH_COMMAND="${SSH2_ORIGINAL_COMMAND}"
if [ "${SSH_COMMAND}x" = "x" ] ; then
SSH_COMMAND="${SSH_ORIGINAL_COMMAND}"
fi
BASE="`basename ${SSH_COMMAND}`"
case "${BASE}" in
ksh|bash|csh|tcsh|jsh|pfcsh|zsh|sh|pfsh|pfksh|.)
echo "Shells are not allowed!"
exit
;;
*)
# Use exec here so that there's not a spare shell process
# lingering around.
exec ${SSH_COMMAND}
;;
esac
## vi:ts=4 sw=4