Results 1 to 7 of 7

Thread: Only allow SSH for PHP applications

  1. #1
    Join Date
    Jan 2011
    Beans
    10
    Distro
    Ubuntu 11.04 Natty Narwhal

    Only allow SSH for PHP applications

    Hi Guys,

    I currently have a control panel that uses SSH but I only want to allow that specific control panel to use SSH.
    I own a VPS so I can always login even without SSH so thats not the problem

    My Problem is that the FTP and SSH credentials are the same and I don't want any of my clients to use SSH via command line.

    Is there any way I can block them from logging in via a command line but keep allowing them to use the web control panel with PHP-SSH?

    I tried to use the hosts.allow and hosts.deny files for SSH but My control panel got bugged when I did.
    Blocking a SSH client is no option because they need to login via the control panel!

    Thanks in advance,

    Tim
    Last edited by iTimOSX; September 16th, 2011 at 04:57 PM.

  2. #2
    Join Date
    Jun 2011
    Beans
    Hidden!

    Re: Only allow SSH for PHP applications

    One thing you could try is confining the sshd process with an apparmor profile, and have that profile disallow /bin/bash for example. The a bash shell cannot get invoked on ssh login.

  3. #3
    Join Date
    Sep 2011
    Beans
    27

    Re: Only allow SSH for PHP applications

    We will need more details. What control panel do you have? What do you mean by "it uses ssh"? What does it do via SSH? If you want to disable SSH for a username you can just change its shell account to /bin/false and add that shell to /etc/shells so he can still login via FTP
    Last edited by Iowan; January 27th, 2012 at 12:31 AM. Reason: Remove URL

  4. #4
    Join Date
    Jan 2011
    Beans
    10
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Only allow SSH for PHP applications

    Quote Originally Posted by zackwasa View Post
    We will need more details. What control panel do you have? What do you mean by "it uses ssh"? What does it do via SSH? If you want to disable SSH for a username you can just change its shell account to /bin/false and add that shell to /etc/shells so he can still login via FTP

    Hi, Thanks for the reply
    It's a game control panel.
    Just a control panel that uses SSH to start/stop/restart the gameserver I Don't wanna disable SSH because the script needs it.

    Thanks in advance,
    Tim

  5. #5
    Join Date
    Sep 2011
    Beans
    27

    Re: Only allow SSH for PHP applications

    Well you can leave ssh enabled for it by giving it a shell and disabling for the other the way I described in my previous post
    Last edited by Iowan; January 27th, 2012 at 12:31 AM. Reason: Remove URL

  6. #6
    Join Date
    Jan 2011
    Beans
    10
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Only allow SSH for PHP applications

    Quote Originally Posted by zackwasa View Post
    Well you can leave ssh enabled for it by giving it a shell and disabling for the other the way I described in my previous post
    Thanks but can you explain it a little bit more? I'm a beginner.

  7. #7
    Join Date
    Sep 2011
    Beans
    27

    Re: Only allow SSH for PHP applications

    For each user you want to disable SSH access edit /etc/passwd and change:
    Code:
    /bin/bash
    to
    Code:
    /bin/false
    Then add /bin/false to /etc/shells

    This should allow them to FTP only. I hope it explains everything
    Last edited by Iowan; January 27th, 2012 at 12:31 AM. Reason: Remove URL

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •