
Security of only allowing a few vetted commands using $SSH_ORIGINAL_COMMAND

Çağlar Arlı


Using an authorized_keys forced command with ssh and a wrapper script like this:

#!/usr/bin/env bash
# Installed as command="..." in authorized_keys; sshd passes the client's
# requested command line in $SSH_ORIGINAL_COMMAND instead of running it.

case "$SSH_ORIGINAL_COMMAND" in
  /var/lib/authorized-scripts/*)
    # Unquoted on purpose: word splitting turns the string into the script
    # path followed by its arguments. No shell operators are interpreted here.
    $SSH_ORIGINAL_COMMAND
    ;;
  *)
    exit 1
    ;;
esac

Can a malicious user somehow chain another command after /usr/bin/authorized-scripts/ and therefore overcome this security measure, or is this secure?

This suggests that I could simply use ssh user@host '/var/lib/authorized-scripts/script.sh && cat /etc/passwd', but this did not work in my tests.

Can I somehow improve the security of this script while still allowing multiple commands with user-supplied arguments for a single ssh key?

I am aware that the allowed commands themselves should of course not allow any kind of subshells (so find, for example, is a no-go due to its exec functionality).
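The following is an added example of a stricter wrapper for the same forced-command setup; it is not the poster's script. Instead of a prefix glob, it splits the raw command into words with globbing disabled, requires the first word to be exactly one fixed basename inside the script directory, and rejects arguments containing shell metacharacters before handing them to the script. The directory name, the allowlist of scripts, and the argument character set are assumptions to adapt locally.

```shell
#!/usr/bin/env sh
# Added example, not the original wrapper. Install it in authorized_keys as:
#   command="/usr/local/sbin/ssh-wrapper",no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAA...
# Assumed values: adjust the directory and allowlist to your deployment.
SCRIPT_DIR="/var/lib/authorized-scripts"
ALLOWED="backup.sh status.sh"

# validate_command RAW
# Returns 0 when RAW is "<SCRIPT_DIR>/<allowlisted basename> [safe args...]",
# 1 otherwise. Only validates; it never executes anything.
validate_command() {
    raw=$1
    # Split on whitespace into positional parameters. Globbing is disabled
    # during the split so a '*' or '?' from the client is never expanded.
    set -f
    # shellcheck disable=SC2086
    set -- $raw
    set +f
    [ "$#" -ge 1 ] || return 1

    cmd=$1
    shift
    dir=${cmd%/*}
    base=${cmd##*/}

    # The command must live directly in SCRIPT_DIR: comparing the parent
    # directory string exactly rejects nested paths and extra components.
    [ "$dir" = "$SCRIPT_DIR" ] || return 1

    # The basename must be one of a fixed set of scripts, not merely "anything
    # under the directory".
    found=0
    for name in $ALLOWED; do
        [ "$base" = "$name" ] && found=1
    done
    [ "$found" -eq 1 ] || return 1

    # Arguments are passed through to the script, so restrict them to a
    # conservative character set; anything else (quotes, ;, &, |, $, spaces
    # that survived splitting, etc.) is refused.
    for arg in "$@"; do
        case "$arg" in
            *[!A-Za-z0-9_./:=@-]*) return 1 ;;
        esac
    done
    return 0
}

# dispatch_forced_command RAW
# Validates RAW and then execs the script with its arguments as separate
# argv entries (no re-parsing by a shell). Exits 1 on rejection.
dispatch_forced_command() {
    validate_command "$1" || exit 1
    set -f
    # shellcheck disable=SC2086
    set -- $1
    set +f
    script="$SCRIPT_DIR/${1##*/}"
    shift
    exec "$script" "$@"
}

# Entry point when sshd invokes this file as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    dispatch_forced_command "$SSH_ORIGINAL_COMMAND"
fi
```

Because `set -- $raw` hands the script each word as its own argv entry, the operators in `script.sh && cat /etc/passwd` from the question would arrive as literal arguments rather than being interpreted, and here they are rejected outright by the argument filter. The allowlist-by-basename check also means the decision no longer depends on how the path string was spelled, only on which script is named.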