11 Jun 2010, 4:21 p.m.
On Fri, June 11, 2010 09:30, chap at anastigmatix.net wrote:
> Just give the identity a login shell of /bin/true in /etc/passwd and you won't have to be concerned about commands from a shell at all.
Yes, that works too, if you will create a new dedicated identity (or reuse one that already has true for a shell). command="/bin/true" in authorized_keys will work in any event (though something like /bin/echo OK might give a more positive confirmation).
The line in authorized_keys should also disallow all the extra goodies like port forwarding, X tunneling, and so on.
-Chap
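
An added example, not part of the original message: a small audit of authorized_keys entries for the two properties discussed above, a forced command and the forwarding/PTY features switched off. It assumes OpenSSH's option names (command=, restrict, no-port-forwarding, no-X11-forwarding, no-agent-forwarding, no-pty); the function names and the sample entries are constructed for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # a line starting with a key type has no options
FEATURES = ("agent-forwarding", "port-forwarding", "pty", "x11-forwarding")

def split_options(line):
    """Return (options dict, rest of line); commas and spaces inside "..." are literal."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}, line
    opts, buf, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':   # escaped quote inside a value
            buf, i = buf + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            name, _, value = buf.partition("=")
            opts[name.lower()] = value          # option names are case-insensitive
            buf = ""
            if ch != ",":                       # whitespace ends the options field
                break
        else:
            buf += ch
        i += 1
    return opts, line[i:].strip()

def audit(text):
    """Yield (line number, [problems]); an explicit re-enable after restrict counts as on."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ = split_options(line)
        problems = [] if opts.get("command") else ["no forced command"]
        problems += [f + " allowed" for f in FEATURES
                     if f in opts or not ("restrict" in opts or "no-" + f in opts)]
        if problems:
            yield n, problems

# Constructed sample entries; the key material is placeholder text, not real keys.
SAMPLE = """\
ssh-ed25519 AAAAplaceholder1 probe@example
command="/bin/true" ssh-ed25519 AAAAplaceholder2 probe@example
command="/bin/echo OK",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAplaceholder3 probe@example
restrict,command="/bin/echo OK",pty ssh-ed25519 AAAAplaceholder4 probe@example
"""

for n, problems in audit(SAMPLE):
    print(f"line {n}: {', '.join(problems)}")
```

The second sample entry is the case the message warns about: the forced command is there, but forwarding and PTY allocation are still available to that key.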