1# $OpenBSD: forcecommand.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ 2# Placed in the Public Domain. 3 4tid="forced command" 5 6cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7 8cp /dev/null $OBJ/authorized_keys_$USER 9for t in ${SSH_KEYTYPES}; do 10 printf 'command="true" ' >>$OBJ/authorized_keys_$USER 11 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER 12done 13 14trace "forced command in key option" 15${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key" 16 17cp /dev/null $OBJ/authorized_keys_$USER 18for t in ${SSH_KEYTYPES}; do 19 printf 'command="false" ' >> $OBJ/authorized_keys_$USER 20 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER 21done 22 23cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 24echo "ForceCommand true" >> $OBJ/sshd_proxy 25 26trace "forced command in sshd_config overrides key option" 27${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key" 28 29cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 30echo "ForceCommand false" >> $OBJ/sshd_proxy 31echo "Match User $USER" >> $OBJ/sshd_proxy 32echo " ForceCommand true" >> $OBJ/sshd_proxy 33 34trace "forced command with match" 35${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key" 36