From owner-freebsd-questions  Wed Oct  1 19:55:36 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id TAA26345
          for questions-outgoing; Wed, 1 Oct 1997 19:55:36 -0700 (PDT)
Received: from ocala.cs.miami.edu (ocala.cs.miami.edu [129.171.34.17])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id TAA26334
          for <freebsd-questions@FreeBSD.ORG>; Wed, 1 Oct 1997 19:55:29 -0700 (PDT)
Received: from ocala.cs.miami.edu by ocala.cs.miami.edu via SMTP (950413.SGI.8.6.12/940406.SGI)
	 id WAA02640; Wed, 1 Oct 1997 22:52:54 -0400
Date: Wed, 1 Oct 1997 22:52:54 -0400 (EDT)
From: "Joe \"Marcus\" Clarke" <jmcla@ocala.cs.miami.edu>
Reply-To: "Joe \"Marcus\" Clarke" <jmcla@ocala.cs.miami.edu>
To: Michael Richards <026809r@dragon.acadiau.ca>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Secure Shell as a script
In-Reply-To: <199710020049.VAA22050@dragon.acadiau.ca>
Message-ID: <Pine.SGI.3.96.971001225034.2618A-100000@ocala.cs.miami.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The only thing I would change, would be make the operative line:

exec telnet -E gragon.acadiau.ca

This will replace the sh proc with the telnet proc.  Saves you a
process.

-Joe Clarke

On Wed, 1 Oct 1997, Michael Richards wrote:

> Does anyone know of security considerations of setting up a user as a shell
> as follows:
> 
> set the shell to:
> /usr/local/bin/DragonShell
> 
> This DragonShell contains the following:
> !/bin/sh
> 
> telnet -E dragon.acadiau.ca
> 
> Basically it is just to allow a user to telnet from the console of a box,
> but not to allow them shell access to that same box.
> (The -E switch does not allow them to use ^] to get to the telnet> prompt
> and try to execute a shell from there.
> 
> Also, that sets the shell type to cons25. Does anyone know how to make this
> speak vt100? would the soluton be to add some line like
> set TERM = "vt100" before the telnet line in that script? Or is it more
> complicated than that?
> 
> Basically what I am doing is making this a public dumb terminal that will
> allow them to log in and use another host.
> 
> Any help would be appreciated... Thanks
> -Mike
>