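#	$OpenBSD: forcecommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $
#	Placed in the Public Domain.

# Regression test for sshd forced commands.
#
# In every scenario the client requests `false` (exit 1) while the forced
# command is `true` (exit 0), so a zero exit status from ssh shows that the
# forced command ran in place of the requested one. ssh also exits non-zero
# when the connection or authentication fails, so such failures are reported
# under the same fail message.
#
# Uses OBJ, USER, SSH, SSH_KEYTYPES, SSH_PROTOCOLS, trace and fail, none of
# which are defined in this file -- presumably supplied by the regress harness
# that sources it.

tid="forced command"

# Keep a pristine copy of the server config; the later scenarios restore it
# before appending their own ForceCommand lines.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"

# Scenario 1: forced command set per key through the authorized_keys
# command="..." option. The file is truncated first, then one entry per key
# type is written as: command="true" <public key line>.
cp /dev/null "$OBJ/authorized_keys_$USER"
# SSH_KEYTYPES is deliberately unquoted: it is a whitespace-separated list.
for t in ${SSH_KEYTYPES}; do
	printf 'command="true" ' >> "$OBJ/authorized_keys_$USER"
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
done

for p in ${SSH_PROTOCOLS}; do
	trace "forced command in key option proto $p"
	# ${SSH} is left unquoted in case it holds more than one word.
	# No `\ ` after `false`: an escaped space is passed to ssh as an extra
	# blank argument of the remote command.
	${SSH} "-$p" -F "$OBJ/ssh_proxy" somehost false ||
	    fail "forced command in key proto $p"
done
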
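# Scenario 2: ForceCommand in sshd_config must take precedence over the
# per-key command="..." option. Every key now forces `false`, so the run can
# only succeed if the server-wide `ForceCommand true` wins.
cp /dev/null "$OBJ/authorized_keys_$USER"
# SSH_KEYTYPES is deliberately unquoted: it is a whitespace-separated list.
for t in ${SSH_KEYTYPES}; do
	printf 'command="false" ' >> "$OBJ/authorized_keys_$USER"
	cat "$OBJ/$t.pub" >> "$OBJ/authorized_keys_$USER"
done

# Start again from the saved server config so only this scenario's directive
# is present.
cp "$OBJ/sshd_proxy_bak" "$OBJ/sshd_proxy"
echo "ForceCommand true" >> "$OBJ/sshd_proxy"

for p in ${SSH_PROTOCOLS}; do
	trace "forced command in sshd_config overrides key option proto $p"
	# ${SSH} is left unquoted in case it holds more than one word.
	# The failure text names this scenario so a report is not mistaken for
	# the key-option case.
	${SSH} "-$p" -F "$OBJ/ssh_proxy" somehost false ||
	    fail "forced command in sshd_config proto $p"
done
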
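# Scenario 3: a ForceCommand inside a Match block must override the global
# one. The global directive forces `false`, and authorized_keys still carries
# command="false" from the previous scenario, so the run can only succeed if
# the `Match User` block's `ForceCommand true` is the one applied.
cp "$OBJ/sshd_proxy_bak" "$OBJ/sshd_proxy"
echo "ForceCommand false" >> "$OBJ/sshd_proxy"
echo "Match User $USER" >> "$OBJ/sshd_proxy"
echo "    ForceCommand true" >> "$OBJ/sshd_proxy"

for p in ${SSH_PROTOCOLS}; do
	trace "forced command with match proto $p"
	# ${SSH} is left unquoted in case it holds more than one word.
	# The failure text names this scenario so a report is not mistaken for
	# the key-option case.
	${SSH} "-$p" -F "$OBJ/ssh_proxy" somehost false ||
	    fail "forced command with match proto $p"
done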