How to allow anonymous ssh login to a Linux box and only run one program?
Solution 1
The traditional approach is to edit the user's login script to trap interrupts, run the program and then log out.
You can set the user's login shell to be a restricted shell (man rksh): "Rksh is a restricted version of the command interpreter ksh; it is used to set up login names and execution environments whose capabilities are more controlled than those of the standard shell." Or use bash in restricted mode.
Remove the user's write access to their login scripts (and anything else the program doesn't need to write to).
For additional security chroot the user.
Solution 2
Perhaps you could set your game binary as the login shell in /etc/passwd.
But I never tried it myself.
user2570403
I am a computer science PhD student specializing in protocols and distributed systems.
Updated on September 17, 2022
Comments
- user2570403 almost 2 years
I have a text-based game installed on a Linux server, and I would like to allow logins on that server via SSH, but with restrictions.
The login should go directly to the game, which reads keyboard input from stdin. If the game quits, the user should be immediately disconnected from the server. Alternately, if the user logs in, there should only be one command available to the user: the game.
I have thought about using a web-based interface to the game, but there is something about playing the game in a terminal that just feels right. Please don't reply with "this is a bad idea..." or its variants because that is an easy out. I just want to know if anyone knows of a solution.
- DWilliams over 13 years: This is my first thought as well. In theory the user's login shell in /etc/passwd is just a binary that gets executed when the user logs in. I would assume it could work by just pointing it to the game binary.
- user5249203 over 13 years: I'm not sure what happens about STTY settings and environment variables like TERM when you do that. Anyone know?
- David about 8 years: Maybe not relevant for the OP, but this wouldn't work for me because I needed to pass arguments to the program.
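One way to combine the two answers with the points raised in the comments (TERM handling and passing arguments), as an added example that is not code from any of the posts: a small wrapper script set as the account's login shell, which validates TERM, ignores client-supplied arguments, and replaces itself with the game. The paths `/usr/local/bin/game-login` and `/usr/local/bin/game` and the `--player guest` arguments are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper installed as the account's login shell in /etc/passwd.
# Assumed (hypothetical) names: /usr/local/bin/game-login (this file),
# /usr/local/bin/game (the game binary), and the "--player guest" arguments.

GAME=/usr/local/bin/game

# TERM comes from the client's pty request, so accept only plain terminfo-style
# names and fall back to vt100 for anything empty or containing other characters.
safe_term() {
    case "$1" in
        ''|*[!A-Za-z0-9._+-]*) printf '%s\n' vt100 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Replace this process with the game. Any arguments are discarded: when a client
# asks for a command, sshd runs the login shell as "<shell> -c <command>", and
# none of that should reach the game. exec leaves no shell behind, so the
# session ends as soon as the game exits.
launch() {
    set -- --player guest    # fixed arguments chosen by the administrator
    term=$(safe_term "${TERM:-}")
    # env -i starts from an empty environment, then sets only what is listed.
    exec /usr/bin/env -i PATH=/usr/bin:/bin TERM="$term" "$GAME" "$@"
}

main() {
    # The game reads the keyboard, so refuse sessions without a terminal.
    [ -t 0 ] || { echo "interactive terminal required" >&2; exit 1; }
    launch "$@"
}

# Run only when installed under the expected name, so the functions above can
# be sourced or tested without starting the game.
case "${0##*/}" in
    game-login) main "$@" ;;
esac
```

A login shell only controls what runs in the session; port forwarding and similar SSH features are governed separately by sshd_config (for example `AllowTcpForwarding no`).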