On Mon, 20 Dec 2021 16:53:44 +0100 Ulrich Sibiller <ul...@gmx.de> wrote:
> > I have no complete answer to it, but if you use keys instead of > > user/pass then you will be able to restrict ssh in > > ~/.ssh/authorized_keys > > > > from="1.2.3.4,2.3.4.5,9.8.7.6",no-port-forwarding,command="/path/to/script",no-X11-forwarding,no-agent-forwarding,no-pty > > ssh-rsa <key> > > > > (all in 1 line) > > > > This is an example of what I use here, I think there must be many > > other options available. > > Although I only have used it with keys so far it seems not to be > restricted to keys only, see man sshd_config: > ForceCommand > Forces the execution of the command specified by > ForceCommand, ignoring any command supplied by the client and > ~/.ssh/rc if present. The command is invoked by using the user's > login shell > with the -c option. This applies to shell, command, or > subsystem execution. It is most useful inside a Match block. The > command originally supplied by the client is available in the > SSH_ORIGINAL_COMMAND environment variable. Specifying a > command of internal-sftp will force the use of an in-process SFTP > server that requires no support files when used with > ChrootDirectory. The default is none. Ok, thnx Uli for pointing this out. I'm not an authorized_keys expert ;-) R. -- richard lucassen http://contact.xaq.nl/ _______________________________________________ x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
