cli-tool to limit what a user can execute over ssh

ssh_cmd_validate

ssh_cmd_validate is a CLI tool that limits what a user can execute over SSH.

Usage

To use this tool, add the following to sshd_config:

Match User user
    ForceCommand ssh_cmd_validate config.toml

Configuration

Configuration is done in a TOML file whose path is passed as a command-line argument.

The following keys can be set:

  • log_file: if this key is set, logging to the given file is enabled
  • default_command: the command that is run when no command is given to ssh
  • allowed_commands: a list of objects, each describing one allowed command

Every object inside allowed_commands can contain:

  • executable: absolute path to the executable that should be allowed
  • force_arguments: a list of arguments that always override the ones supplied by the user (if this key is not set, the user can provide their own)

Example configuration:

log_file = "/ssh.log"
default_command = "uname -a"

[[allowed_commands]]
executable = "/usr/bin/pacman"
force_arguments = [ "-Syu" ]

[[allowed_commands]]
executable = "/bin/ls"
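
The allow-list decision described above, as an added example that is not the ssh_cmd_validate source. It assumes whitespace-only tokenization, an exact match on the absolute path, and a default command that is trusted because the administrator wrote it; `Allowed`, `ALLOWED`, `DEFAULT_COMMAND` and `resolve` are hypothetical names.

```rust
use std::process::Command;

// Added illustration, not the ssh_cmd_validate source; all names are hypothetical.
struct Allowed {
    executable: &'static str,
    force_arguments: Option<&'static [&'static str]>,
}

// Constructed to mirror the README's example configuration.
const ALLOWED: &[Allowed] = &[
    Allowed { executable: "/usr/bin/pacman", force_arguments: Some(&["-Syu"]) },
    Allowed { executable: "/bin/ls", force_arguments: None },
];
const DEFAULT_COMMAND: &[&str] = &["uname", "-a"];

/// Turn the client's requested command line into an argv, or None to deny.
/// Assumption: whitespace tokenization with no quoting support.
fn resolve(requested: Option<&str>) -> Option<Vec<String>> {
    let mut tokens = requested.unwrap_or("").split_whitespace();
    let Some(exe) = tokens.next() else {
        // No command given to ssh: fall back to the admin-defined default.
        return Some(DEFAULT_COMMAND.iter().map(|s| s.to_string()).collect());
    };
    // The executable must match an allowed absolute path exactly.
    let entry = ALLOWED.iter().find(|a| a.executable == exe)?;
    let mut argv = vec![entry.executable.to_string()];
    match entry.force_arguments {
        // Forced arguments replace whatever the client supplied.
        Some(forced) => argv.extend(forced.iter().map(|s| s.to_string())),
        // Otherwise client arguments pass through as literal argv entries.
        None => argv.extend(tokens.map(String::from)),
    }
    Some(argv)
}

fn main() {
    // Under ForceCommand, sshd puts the client's command in SSH_ORIGINAL_COMMAND.
    let requested = std::env::var("SSH_ORIGINAL_COMMAND").ok();
    match resolve(requested.as_deref()) {
        // Spawn the argv directly: no shell ever parses the client's string.
        Some(argv) => {
            let status = Command::new(&argv[0]).args(&argv[1..]).status();
            std::process::exit(status.ok().and_then(|s| s.code()).unwrap_or(1));
        }
        None => { eprintln!("command not allowed"); std::process::exit(1); }
    }
}
```

An entry without force_arguments, such as /bin/ls in the sample configuration, accepts any argument the client sends, so set force_arguments wherever the argument list should be fixed.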