How to allow anonymous ssh login to a Linux box and only run one program?

linux security ssh sandbox
5,319

Solution 1

The traditional approach is to edit the user's login script to trap interrupts, run the program and then logout.

You can set the user's login shell to be a restricted shell (man rksh) "Rksh is a restricted version of the command interpreter ksh; it is used to set up login names and execution environments whose capabilities are more controlled than those of the standard shell." Or use bash in restricted mode.

Remove the user's write access to their login scripts (and anything else the program doesn't need to write to).

For additional security chroot the user.

Solution 2

Perhaps you could set your game binary as the login shell in /etc/passwd.

But I never tried it myself.

Share:
5,319

Related videos on Youtube

user2570403
Author by

user2570403

I am a computer science PhD student specializing in protocols and distributed systems.

Updated on September 17, 2022

Comments

  • user2570403
    user2570403 almost 2 years

    I have a text based game installed on a Linux server, and I would like to allow logins on that server via SSH, but with restrictions.

    The login should go directly to the game which reads keyboard input from stdin. If the game quits the user should be immediately disconnected from the server. Alternately, if the user logs in there should only be one command available to the user, the game.

    I have thought about using a web based interface to the game, but there is something about playing the game in a terminal that just feels right. Please don't reply with "this is a bad idea..." or its variants because that is an easy out. I just want to know if anyone knows of a solution.

  • DWilliams
    DWilliams over 13 years
    This is my first thought as well. In theory the user's login shell in /etc/passwd is just a binary that gets executed when the user logs in. I would assume it could work by just pointing it to the game binary.
  • user5249203
    user5249203 over 13 years
    I'm not sure what happens about STTY settings and environment variables like TERM when you do that. Anyone know?
  • David
    David about 8 years
    Maybe not relevant for the OP, but this wouldn't work for me because I needed to pass arguments to the program.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to login ssh without a password using the ssh host key?
Most secure way to access my home Linux server while I am on the road? Specialized solution wanted
Are many sshd/root processes listed by ps, brute force SSH hack attempt?
How to generate "ssh-rsa" key instead of "rsa-sha2-512"
How do I properly SSH into a server behind a NAT while maintaining the tightest possible security?
How to change encryption algorithm for private key file using OpenSSH 5.3
What are possible security issues with an SSH daemon?
How to reliably keep an SSH tunnel open?
SSH through bastion host gives: open failed: connect failed: Connection timed out
setting minimum size of accepted rsa key