cli-tool to limit what a user can execute over ssh

Find a file

JMARyA 14e3a7e5c4 refactor logging		2023-12-20 08:47:24 +01:00
src	refactor logging	2023-12-20 08:47:24 +01:00
.gitignore	init	2023-03-23 03:44:23 +01:00
Cargo.lock	fix shell injection vuln	2023-12-20 08:31:16 +01:00
Cargo.toml	fix shell injection vuln	2023-12-20 08:31:16 +01:00
PKGBUILD	add pkgbuild	2023-09-04 22:00:22 +02:00
README.md	move config file to toml	2023-12-06 00:04:14 +01:00

README.md

ssh_cmd_validate

ssh_cmd_validate is a cli-tool to limit what a user can execute over ssh.

Usage

To use this tool add this to sshd_config:

Match User user
    ForceCommand ssh_cmd_validate config.toml

Configuration

The configuration is done in a TOML config file which is provided in the cli arguments.

Possible values to configure are:

log_file: If this key is set, enables logging to the provided file
default_command: This command is run when no command is given to ssh
allowed_commands: a list containing objects describing commands

Every object inside allowed_commands can contain:

executable: Absolute path to the executable that should be allowed
force_arguments: a list of arguments which always overwrite the ones by the user (if this key is not set, the user can provide their own)

log_file = "/ssh.log"
default_command = "uname -a"

[[allowed_commands]]
executable = "/usr/bin/pacman"
force_arguments = [ "-Syu" ]

[[allowed_commands]]
executable = "/bin/ls"