On Wed, 16 Oct 2024 14:52:25 +0200,
Dan <d...@nnnne-o-o-o.com> wrote:
>
> PermitLocalCommand should have a default value of "no".
According to the man page it is:
PermitLocalCommand
Allow local command execution via the LocalCommand option or
using the !command escape sequence in ssh(1). The argument must
be yes or no (the default).
and man page seems to be allined with the code, at least as I understand it.
> By the way I have set PermitLocalCommand to no in my ssh_config and I
> continue to be able to launch commands from the ssh launch line
> after a "systemctl restart ssh" in Linux box.
> I checked if by by case exists any other ssh config file but doesn't.
> Is it possible to block local command launches via ssh command line at
> all or I'm too enthusiastic?
>
are you sure that you understnad how local command works? It works this way:
~ $ ssh -o PermitLocalCommand=no -o LocalCommand=hostname
docker.matebook.local hostname
docker.matebook.local
~ $ ssh -o PermitLocalCommand=yes -o LocalCommand=hostname
docker.matebook.local hostname
matebook.local
docker.matebook.local
~ $ ssh -o LocalCommand=hostname docker.matebook.local hostname
docker.matebook.local
~ $
--
wbr, Kirill
