I have written a simple application that runs in console mode. I want to allow people from the Internet to SSH to this host and use the application in question.
Each time someone SSH's to the server, I want to be able to allow an instance of the application to run in their SSH session. They will work with the program, and then after it has completed (i.e. it exits) the SSH session should be closed.
The caveats are:
- I don't want to use a shell script like .bash_profile. Too many opportunities for this to be hacked!
- Preferably I don't even want the user account to be assigned a valid "shell". In other words I want the user shell to be something like /bin/false, so that FTP, SFTP, etc. all of the rest will not be permitted. The ONLY thing I want allowed from the account is access to this one specific console application, running in unprivileged mode as this user.
- I may want to offer more than one of these applications on different usernames. So for example, "search" will present one console app, while "browse" will present another, depending on how the user logs in.
- Requiring a password for the SSH session is not required. It'd be nice if it just ignored authentication altogether, but having to give the end users the SSH password is not a deal-breaker. The only thing here is of course being secure - I do NOT want the account to be allowed to do anything else.
- The user shouldn't have to do anything special on their end. They should be able to just "ssh [email protected]" and get the service.
The program that executes may need command line arguments. I am fine with writing a wrapper to do this, but does that create an insecurity? e.g. If the command is "/usr/local/bin/myapp --mode=search", and I write a script like:
!/bin/bash
/usr/local/bin/myapp --mode=search
...does this create an insecure situation? Assume all file permissions are set properly - the user cannot modify the file.
Is this possible to do? If so, how can it be done, and importantly, how can it be done securely?
The server already offers SSH to the outside for remote login, which is fine. I still want that to work, obviously. So for instance if I login as my own user, I want to be asked for a password like usual and then presented a shell.
Thanks!
F
search
program. Have you tried that ?