lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
I have installed lshell 0.9.18 on an internal server we are using in turn to connect to our customers' servers.
Some of them have their own jump servers we must go through first. We are using the SSH ProxyCommand option to allow us to go through the customer jump server direct to the target server.
This works fine in bash but as soon as we use lshell we get the message
*** forbidden shell escape: "exec ssh -W XXX.XXX.XXX.XXX:22 btl-jump"
Using ssh from within lshell to btl-jump works without any issues at all.
I have set the following in the conf file:
allowed_shell_escape : ['git','ssh','exec']
I have also set the allowed over ssh as follows:
overssh : ['ls', 'rsync' ,'exec','ssh','git','exec']