Preventing shells from being spawned

Rob Landley rob at
Sun May 18 05:24:32 WST 2008

On Friday 16 May 2008 13:21:39 Korey Calmettes wrote:
> Hello,
> Back in 2005, there was a post from John Daz who would like to tunnel into
> an embedded system without providing a shell.  It was responded by Matt who
> advised him to comment out line 70 of svr-session.c which read
> "&svrchansess,".

Just set your account's shell in /etc/passwd to some kind of gatekeeper 
program.  Whatever command line you run is always invoked through that 
program, and it doesn't have to be a shell.  (Try setting it to "/bin/echo" 
and then play around with the result.)

"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.

More information about the Dropbear mailing list