Mailing List Archive

MaxSessions 0 # ZERO!!!
in your sshd_config ensures that no interactive commands can be used

For good measure you can also add
ForceCommand /usr/bin/false
which will override any command which is specified on the command line


On Mon, 5 Jul 2021 at 16:35, Christoph Anton Mitterer
<calestyo@scientia.net> wrote:
>
> Hey.
>
> I've just wondered whether there is a counterpart for ssh's -N for
> ssh_config... at least I couldn't find anything in the manpage.
>
> Thanks,
> Chris.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

On Mon, 2021-07-05 at 19:46 -0400, M Rubon wrote:
>    MaxSessions 0    # ZERO!!!
> in your sshd_config ensures that no interactive commands can be used

Thanks, but I don't think this is really an equivalent of ssh's -N, as
it needs to be set on the server side, which one might not even have
permissions to do so... and even if, if would affect all connections...
and I don't think one can work around this with Match or so.


Cheers,
Chris.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

On Mon, Jul 5, 2021 at 8:36 PM Christoph Anton Mitterer
<calestyo@scientia.net> wrote:
>
> On Mon, 2021-07-05 at 19:46 -0400, M Rubon wrote:
> > MaxSessions 0 # ZERO!!!
> > in your sshd_config ensures that no interactive commands can be used
>
> Thanks, but I don't think this is really an equivalent of ssh's -N, as
> it needs to be set on the server side, which one might not even have
> permissions to do so... and even if, if would affect all connections...
> and I don't think one can work around this with Match or so.

It's also not what he asked. He asked for "ssh_config" settings, not
"sshd_conig" settings.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Dear Chris,

This is currently not possible, but there is a pull request from me in
review that is providing missing ssh_config counterparts to several
command line options:

https://github.com/openssh/openssh-portable/pull/231

I already improved that pull request according to the first feedback I
received from this mailing list, and I hope it will be accepted soon.

Then, "ssh -N" will be equivalent to:

SessionType none


Best regards,
Volker


Christoph Anton Mitterer wrote:
> Hey.
>
> I've just wondered whether there is a counterpart for ssh's -N for
> ssh_config... at least I couldn't find anything in the manpage.
>
> Thanks,
> Chris.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

--
Volker Diels-Grabsch
----<<<((()))>>>----
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

On Tue, 2021-07-06 at 09:55 +0200, Volker Diels-Grabsch wrote:
> but there is a pull request from me in
> review that is providing missing ssh_config counterparts to several
> command line options:
>
>     https://github.com/openssh/openssh-portable/pull/231

Ah that sounds great... thanks for your work :-)


Cheers,
Chris.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev