Restrict User to only 2 commands

big_nerd

I know that there is a method in linux to have an SSH Key, but I want the user to only ahve access to execute 2 commands, top and iftop.

It is being used for a PC we've got here for emergency monitoring, but because it may be left open I dont want the ability to do anything else.

Any advice would be great.

CentOS 5.5 / SSHD / Non-Std Port / KeyOnly Auth.

laserlight

Take a look at this ssh - authorized_keys HOWTO, in particular the forced command option. I don't know how to accommodate two commands, but then you could write a shell script and make that shell script the forced command.

big_nerd

laserlight,

thanks! I will do that.

For now, I've opted for the far less secure, but "works", create an unpriv'd user, and add the following to .bashrc:

top
logout

So when they log in, goes right into top (more important than iftop for now).

I was thinking of creating a bash script that traps SIGINT with two options.

The system stays internal @ the office, so I doubt its a huge deal, but just being cautious.