From e345d4aaea451615487933af3d58a112ec36b6c4 Mon Sep 17 00:00:00 2001 From: Gunnar Wrobel Date: Wed, 21 Sep 2005 21:06:01 +0000 Subject: Added ssh_wrapper script to my scripts. Bumped to version 1.2.3 svn path=/local/; revision=428 --- z-distfiles/Makefile | 2 +- z-distfiles/scripts-gw/Makefile | 2 +- z-distfiles/scripts-gw/ssh_wrapper | 30 ++++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100755 z-distfiles/scripts-gw/ssh_wrapper diff --git a/z-distfiles/Makefile b/z-distfiles/Makefile index 5d617f9..ed74175 100644 --- a/z-distfiles/Makefile +++ b/z-distfiles/Makefile @@ -1,5 +1,5 @@ DOWNLOAD_DIR=/var/www/www.gunnarwrobel.de/htdocs/downloads/ -VERSION=1.2.2 +VERSION=1.2.3 TAR=tar cvfj TAREX=--exclude="CVS" --exclude=".svn" --exclude=*~ diff --git a/z-distfiles/scripts-gw/Makefile b/z-distfiles/scripts-gw/Makefile index 1dd36c9..8932cbb 100644 --- a/z-distfiles/scripts-gw/Makefile +++ b/z-distfiles/scripts-gw/Makefile @@ -1,7 +1,7 @@ DESTDIR= SBINSCRIPTS = SVN-dump SVN-monthly birthDay check-SUID tripUpdate SVN-daily check-ALLWRITE dailyRoutine mysql-dump-all -BINSCRIPTS = emerge-single svm-replicate svm-expanded svm-start svn-add svn-del +BINSCRIPTS = emerge-single svm-replicate svm-expanded svm-start svn-add svn-del ssh_wrapper all: echo "No compilation necessary!" diff --git a/z-distfiles/scripts-gw/ssh_wrapper b/z-distfiles/scripts-gw/ssh_wrapper new file mode 100755 index 0000000..0d9a7b4 --- /dev/null +++ b/z-distfiles/scripts-gw/ssh_wrapper 
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# This script checks to make sure that an incoming SSH command is a
+# permitted command, and executes it if it is. If not, the script
+# simply exits, which will cause a read timeout at the other end of
+# the connection.
+#
+LOGFILE=${HOME}/.log/ssh.check
+
+check_run () {
+ if [ "$SSH_ORIGINAL_COMMAND" = "$1" ]; then
+ echo "Command OK!" >> $LOGFILE
+ exec $SSH_ORIGINAL_COMMAND
+ return 0
+ fi
+ echo "Command REJECTED!" >> $LOGFILE
+ return 1
+}
+
+/bin/date >> $LOGFILE
+echo "Remote command: ${SSH_ORIGINAL_COMMAND}" >> $LOGFILE
+
+if [ -d "${HOME}/.ssh_wrap" ]; then
+ for allowed in ${HOME}/.ssh_wrap/*
+ do
+ check_run `head -n 1 "${allowed}"`
+ done
+else
+ echo "No commands allowed!" >> $LOGFILE
+fi
-- cgit v1.2.3-65-gdbad
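Review bot: The `check_run` call inside the `for allowed` loop passes the `head -n 1` output unquoted, so the allowlist line is word-split and glob-expanded and `$1` holds only its first word. An entry that carries arguments can therefore never match the full `$SSH_ORIGINAL_COMMAND`, while the bare first word of that entry is accepted and executed, which is not what the allowlist file says. Passing the line as one argument fixes the comparison: `check_run "$(head -n 1 "${allowed}")"`; the unquoted `exec $SSH_ORIGINAL_COMMAND` can stay, since it then only runs a string that matched an entry exactly. Separately, the client-supplied command is written to the log with `echo`, so an embedded newline could presumably forge a "Command OK!" line; `printf 'Remote command: %s\n' "$SSH_ORIGINAL_COMMAND" >> "$LOGFILE"` plus a note in the header comment that the log content is untrusted would make the audit trail easier to rely on.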