通过配置强制 ssh 用户使用不同的 shell

Question

您可以ForceCommand使用Match：

Match Address 10.1.0.0/16
    ForceCommand /usr/bin/git-shell

从man sshd_config：

 Match   Introduces a conditional block.  ...
         The arguments to Match are one or more criteria-pattern pairs or
         the single token All which matches all criteria.  The available
         criteria are User, Group, Host, LocalAddress, LocalPort, and
         Address.
 ForceCommand
         Forces the execution of the command specified by ForceCommand,
         ignoring any command supplied by the client and ~/.ssh/rc if
         present.  The command is invoked by using the user's login shell
         with the -c option.

因此，您指定的命令将使用用户的登录 shell 执行，该 shell 必须接受该-c选项。命令退出时连接将关闭，因此从实际目的来看，该命令就是他们的 shell。

Answer 1

您可以ForceCommand使用Match：

Match Address 10.1.0.0/16
    ForceCommand /usr/bin/git-shell

从man sshd_config：

 Match   Introduces a conditional block.  ...
         The arguments to Match are one or more criteria-pattern pairs or
         the single token All which matches all criteria.  The available
         criteria are User, Group, Host, LocalAddress, LocalPort, and
         Address.
 ForceCommand
         Forces the execution of the command specified by ForceCommand,
         ignoring any command supplied by the client and ~/.ssh/rc if
         present.  The command is invoked by using the user's login shell
         with the -c option.

因此，您指定的命令将使用用户的登录 shell 执行，该 shell 必须接受该-c选项。命令退出时连接将关闭，因此从实际目的来看，该命令就是他们的 shell。

通过配置强制 ssh 用户使用不同的 shell

答案1

相关内容