anazmy
commented
7 years ago Thanks, it is good for me to consider such tricks while testing, will sure address it
Closed saveyour closed 7 years ago
anazmy
commented
7 years ago Thanks, it is good for me to consider such tricks while testing, will sure address it
anazmy
commented
7 years ago While testing , I considered this scenario , for example in my test env I modified sshd_config on the aker-gateway server should take care of the situation :
Match Group *,!vagrant
ForceCommand /bin/aker/aker.pySo user vagrant will not get aker shell , other users will , I will close this issue for now with this update .
i haven't tested this with Aker yet, as i haven't installed it but i noticed in setup process you add it to /etc/shells and then set it as the default shell with "chsh -s /bin/aker/aker.py username" for users who you want to pipe through aker. this reminded me of an old trick (not necessarily a true vuln) that i used to do when i was forced to use a certain shell to login, i could just manually pass the shell i wanted by doing
ssh user@host.example.com /bin/bashwould someone who uses Aker please try this and see if it works? this behavior can be fixed by editing /etc/ssh/sshd_config to include:
or by editing .profile or .bashrc / whatever your shell's profile dotfile is, to include and begin with /bin/aker/aker.py
in any event, Aker looks pretty useful and i'll be trying it when i get a chance. thanks