Is it safe to use /bin/cat as shell for a restricted user?

linux ssh users account-restrictions
6,818

This is a pretty standard reason to change the shell. Typically /bin/false or other shells like /bin/cat are used.

Typically you can't escape from /bin/cat and it is unlikely that cat has a security bug but other methods may still work, like creating a DoS or bypassing Firewall rules.

Another probably more severe problem is if you are using the internal-sftp module for sftp. This would allow users with /bin/cat as shell to use sftp to get access to your file-system and browse its content.

For your specific use-case i would recommend using tunnels or vpns instead of providing ssh access to your customers.

Share:
6,818

Related videos on Youtube

juice
Author by

juice

Updated on September 18, 2022

Comments

  • juice
    juice over 1 year

    I need to remontely log on to few peoples machines to do maintanance tasks, but sometimes the machines can be behind firewalls or NAT's.

    The way I have been doing it is to give the user advice on how to log in to my system with SSH so that reverse tunneling is enabled, like “use the command ssh -R 12345:localhost:22 [email protected] and log in with the password xyzzy”.

    Now, this works fine, but for the sake of safety I need to go and disable the ssh login for user uremonte when I am done, and remember to re-enable it when I need it again, or else someone might log into my administation frontend machine unwanted, or said legitimite users might try to mess around while I am using the tunnel.

    I thought of setting the user shell in /etc/passwd to /bin/cat, so anyone logging in does not get chance to do anything on the shell, and still the connection would stay alive for the reverse tunnel. This seems to be OK, but I would like to be sure this does not punch any holes in my system.

    So, the question is, is this absolutely safe? Is there any way somebody logging in to this account could break away from the cat-trap?

  • juice
    juice almost 12 years
    I checked the use case for sftp, and the result is as desired, meaning it is not possible to establish sftp session. There are no other protocols that are available, so I am pretty sure it is secure.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

different shell for root and non-root user
SSH not landing in the home directory
How can I create and grant a normal user with root privileges?
How to restrict a linux user to read only specific folder
Allow scp/ssh for www-data user
Show all users and their groups/vice versa
SCP without password prompt using different username
How can I get the list of ldap users without being sudo?
What is the purpose of the 'ssh' group?
Which users are allowed to log in via SSH by default?