Network Security: Detailed info on Restricted (ksh -r) shell and SSH on AIX5.1

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Restricted (ksh -r) shell and SSH on AIX5.1

from [Rob Sherry] Network Security

[Permanent Link]

Subject:	Restricted (ksh -r) shell and SSH on AIX5.1
Date:	Mon, 19 Nov 2007 11:51:26 -0900

This seems to have been covered ad nauseam on the mailing list before,
but I'm getting an odd behavior out of my system (AIX 5.1, all patched
up):

Configured OpenSSH. Works great.

Have one user I want to be able to use sftp, but not an interactive (ie
SSH/telnet) login.

Set user's shell to /usr/bin/ksh -r)

Now, every time he tries to log in via either ssh *or* sftp, I get the
following showing up in the syslog:

Nov 19 10:21:09 hostname sshd[811106]: User bogus not allowed because
shell /usr/bin/ksh -r is not executable

I've checked /etc/shells, I've checked for typos, I've checked for
missing/bogus links, etc. and nothing seems out of order...I know others
have used various restricted shells before, and I don't think this is so
complex a config that it calls for something like scponly...

Anyone have any ideas? Am I missing something stupidly simple? (and yes,
/usr/bin/ksh *is* executable)

MTIA

Rob

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Restricted (ksh -r) shell and SSH on AIX5.1, Rob Sherry <= Re: Restricted (ksh -r) shell and SSH on AIX5.1, Jeremy C. Reed RE: Restricted (ksh -r) shell and SSH on AIX5.1, Mike Wodei Re: Restricted (ksh -r) shell and SSH on AIX5.1, lonely wolf Re: Restricted (ksh -r) shell and SSH on AIX5.1, Derek Martin Re: Restricted (ksh -r) shell and SSH on AIX5.1, Hari Sekhon

Previous by Date:	Re: Defering passphrase entry with ssh-add, Hari Sekhon
Next by Date:	Re: Defering passphrase entry with ssh-add, Christopher Key
Previous by Thread:	Defering passphrase entry with ssh-add, Christopher Key
Next by Thread:	Re: Restricted (ksh -r) shell and SSH on AIX5.1, Jeremy C. Reed
Indexes:	[Date] [Thread] [Top] [All Lists]