HPE Community
Operating System - HP-UX
1753765 Members
6005 Online
108799 Solutions
New Discussion

Need to restrict user to do ssh to another host

 
UX-ADM
Occasional Contributor

‎02-05-2013 08:58 PM

‎02-05-2013 08:58 PM

Need to restrict user to do ssh to another host

Hi Guys,

 

I need to restrict one of local user on HPUX 11iv3 system to do ssh to any other host. It means user should not be allowed to do ssh to any IP or specific IP's

Looking for any option or method available to achieve it.

 

Thanks in advance.

 

Unixadm.

0 Kudos
Reply
1 REPLY 1
Matti_Kurkela
Honored Contributor

‎02-06-2013 02:17 AM

‎02-06-2013 02:17 AM

Re: Need to restrict user to do ssh to another host

To successfully enforce such a restriction, you may have to list the things the user *is* allowed to do on that system, and set up a restricted shell to permit only those activities.

 

Otherwise, the user may work around any restrictions you place on the ssh binary by bringing his/her own ssh binary to the system. As long as the user has access to an unrestricted shell and the default HP-UX tools, the user might prepare an uuencoded version of the SSH binary at some other location, and then run "uudecode > my_very_own_ssh" on the system, then copy & paste the contents of the uuencoded file to the session. Since the user is the creator & owner of the file, s/he can easily give it an execute permission and start using it.

MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.