#!/bin/sh
#
# This script checks to make sure that an incoming SSH command is a
# permitted command, and executes it if it is. If not, the script
# simply exits, which will cause a read timeout at the other end of
# the connection.
#
# Log file that the rest of this script appends to; lives under the
# account's home directory.
LOGFILE="${HOME}/.log/ssh.check"
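# check_run ALLOWED
#
# Compare the command requested by the SSH client with one allow-list entry
# and, on an exact string match, replace this shell with that command.
#
# Globals:   SSH_ORIGINAL_COMMAND (read), LOGFILE (appended to)
# Arguments: $1 - one permitted command line, compared byte for byte
# Returns:   1 when the request does not match or the entry is empty.
#            On a match, exec normally does not return; 0 if it does.
check_run () {
  # An empty entry would "match" a session that sent no command. A bare exec
  # then runs nothing, so do not log that case as an approved command.
  [ -n "$1" ] || return 1

  if [ "$SSH_ORIGINAL_COMMAND" = "$1" ]; then
    # Quoted so a home directory containing whitespace still gets its log line.
    echo "Command OK!" >> "$LOGFILE"
    # Deliberately unquoted: the approved string is split on whitespace into
    # argv. No shell parsing happens here, so quotes, pipes and redirections
    # inside an entry reach the program as literal arguments.
    # NOTE(review): glob characters in an entry are still expanded against the
    # server-side working directory; keep entries free of wildcards or confirm
    # that expansion is wanted.
    # shellcheck disable=SC2086
    exec $SSH_ORIGINAL_COMMAND
    return 0
  fi
  return 1
}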
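# Record when the request arrived and what was asked for.
/bin/date >> "$LOGFILE"
# SSH_ORIGINAL_COMMAND is supplied by the client. printf '%s' writes it as
# data, without the backslash-escape processing some /bin/sh echo builtins do.
# NOTE(review): a request containing newlines still produces extra log lines;
# treat "Command OK!" entries as trustworthy only next to the matching request.
printf 'Remote command: %s\n' "${SSH_ORIGINAL_COMMAND}" >> "$LOGFILE"

# The allow-list is a directory of files; the first line of each file is one
# permitted command. check_run execs on the first exact match, so the loop
# only finishes when nothing matched and the script then simply exits.
# NOTE(review): anyone who can write to ~/.ssh_wrap can add permitted
# commands; confirm the directory and its files are writable by the owner only.
if [ -d "${HOME}/.ssh_wrap" ]; then
  for allowed in "${HOME}/.ssh_wrap"/*; do
    # Skips the literal pattern left behind by an empty directory, and any
    # entry that is not a regular file, so head never writes an error to the
    # client's stderr or blocks on a FIFO.
    [ -f "${allowed}" ] || continue
    permitted=$(head -n 1 "${allowed}")
    check_run "${permitted}"
  done
else
  echo "No commands allowed!" >> "$LOGFILE"
fi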