unix - Restricting SSH access to a specific list of commands -

unix - Restricting SSH access to a specific list of commands -

i'm looking build application akin tilde.club user has ssh privileges restricted list of available commands. novice bash , unix machines, consulted friend has bit more experience. vaguely addressed security concerns without explicating, namely jailed user environments beingness unsafe, virtual machines beingness unstable, , ssh tunneling.

would please shed lite to...

what security issues should concerned about, and how may mitigate issues protect server

if matters, want user able utilize nano , python applet writing. should restricted home directory , subdirectories therein.

idea:

first, instead of setting user's shell bash, ksh,.. instead set rosh

then, in /etc/sudoers, allow same user / grouping of users, run limited list of commands generic user can run them, or root, if required.

also, remember people define "allowed commands" in ~/.ssh/authorized_keys of target server, have read-only user, otherwise modify it.

references / links help:

http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/ http://david-latham.blogspot.in/2013/12/restrict-commands-executed-via-pre.html http://www.cmdln.org/2008/02/11/restricting-ssh-commands/

unix