It should be safe, as all execution of code is forbidden for users.

2014-07-21 17:21 GMT+02:00 Haripada Bhowmick <[email protected]>:
> Team,
>
> I want to set up Apache SSHD Server on my Linux box. A few of my clients will
> be using an SSH tunnel through my Linux box.
>
> My aim is to ENABLE port forwarding ONLY for those users. At any cost
> I don't want them to execute any command to hack my server.
>
> In order to do that I set
>
> *sshd.setShellFactory(null);*
> *sshd.setCommandFactory(null);*
>
> Now, using the following code, I can do an SSH tunnel. But I cannot use PUTTY to
> execute any command, as expected. It looks good and foolproof to me.
>
> *Can you please tell:*
> *Is there any security hole which is going unattended and a hacker can take
> control of my server? Because I will provide the Apache SSHD user id and password
> to various people.*
>
> Thank you
> Harry
>
> ========================= CODE ======================
>
> public class sshServer {
>     public static SshServer sshd = null;
>
>     public static SessionFactory sessFactory = null;
>
>     // public static ProcessShellFactory shell = null;
>
>     public static void main(String[] args) throws InterruptedException,
>             IOException {
>
>         SshServer sshd = SshServer.setUpDefaultServer();
>         sshd.setPort(22);
>         sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(
>                 "hostkey.ser"));
>
>         /*
>          * sshd.setShellFactory(new ProcessShellFactory(new String[] {
>          * "/bin/sh", "-i", "-l" }));
>          */
>
>         /*
>          * sshd.setShellFactory(new ProcessShellFactory( new String[] {
>          * "cmd.exe " }, EnumSet.of( ProcessShellFactory.TtyOptions.Echo,
>          * ProcessShellFactory.TtyOptions.ICrNl,
>          * ProcessShellFactory.TtyOptions.ONlCr)));
>          */
>
>         // ## ########################### *IMPORTANT*: DISABLE IT -
>         // ###
>         sshd.setShellFactory(null);
>         sshd.setCommandFactory(null);
>         // ## ################ DISABLE IT --
>
>         sshd.setTcpipForwardingFilter(new ForwardingFilter() {
>             public boolean canForwardAgent(Session session) {
>                 return false;
>             }
>
>             public boolean canForwardX11(Session session) {
>                 return false;
>             }
>
>             public boolean canListen(SshdSocketAddress address, Session session) {
>                 return false;
>             }
>
>             public boolean canConnect(SshdSocketAddress address, Session session) {
>                 return true;
>             }
>         });
>
>         sshd.setPasswordAuthenticator(new PasswordAuthenticator() {
>
>             @Override
>             public boolean authenticate(String usr, String pss,
>                     ServerSession arg2) {
>                 if (usr.equals("specialuser") && pss.equals("specialpass"))
>                     return true;
>                 return false;
>             }
>
>         });
>         sshd.start();
>
>     }
> }
> ===========================================================
>
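
Added example (not part of the original thread and not Apache SSHD code): the posted filter returns true from canConnect for every destination, so each authenticated user can tunnel to any address the server itself can reach, loopback services included. A default-deny, per-user destination check that canConnect could delegate to is shown here; the class name ForwardPolicy, the sample hosts and the wiring into the filter (passing it the user name, host and port the filter receives) are assumptions.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Default-deny policy for tunnel destinations, keyed by user (hypothetical helper). */
public class ForwardPolicy {
    // user name -> permitted "host:port" destinations
    private final Map<String, Set<String>> allowed;

    public ForwardPolicy(Map<String, Set<String>> allowed) {
        this.allowed = allowed;
    }

    /** Lower-case the host and drop one trailing dot so "DB.Example." matches "db.example". */
    static String normalize(String host) {
        String h = host.trim().toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    /** True only when this user has an exact entry for the requested destination. */
    public boolean allows(String user, String host, int port) {
        if (user == null || host == null || port < 1 || port > 65535) {
            return false;
        }
        Set<String> dests = allowed.get(user);
        return dests != null && dests.contains(normalize(host) + ":" + port);
    }

    public static void main(String[] args) {
        // Constructed sample data: one user, two permitted destinations.
        ForwardPolicy policy = new ForwardPolicy(Map.of(
                "specialuser", Set.of("db.internal.example:5432", "192.0.2.10:443")));

        // Listed destination, different case and trailing dot: allowed.
        System.out.println(policy.allows("specialuser", "DB.Internal.Example.", 5432));
        // Same host, unlisted port: denied.
        System.out.println(policy.allows("specialuser", "db.internal.example", 22));
        // Loopback is never listed, so the server's own local services stay unreachable.
        System.out.println(policy.allows("specialuser", "127.0.0.1", 3306));
        System.out.println(policy.allows("specialuser", "localhost", 3306));
        // Unknown user: denied.
        System.out.println(policy.allows("otheruser", "192.0.2.10", 443));
    }
}
```

Matching is on the exact requested string, so a permitted host must be listed in the form clients will request it (name or IP literal); anything not listed is refused.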
