Restircted SSH PHP CLIs
Posted: Wed 29. Oct 2025, 13:13
Hello,
Now, in the restircted SSH additional binaries, I allow users for the following:
/usr/bin/git
/usr/share/terminfo/x/xterm
/usr/bin/keyhelp-php84
/usr/bin/keyhelp-php83
/usr/bin/keyhelp-php82
/usr/bin/keyhelp-php81
/usr/bin/keyhelp-php80
/usr/bin/keyhelp-php74
Which allows to run any PHP version, Git, Composer, Nano editor, etc...
Is it generally safe? Also I noticed that disabled functions are not set for php cli-s. I can run both in SSH:
php -r 'echo exec("whoami"); echo "\n";'
keyhelp-php81 -r 'echo exec("whoami"); echo "\n";'
Is this a secuerity issue, or still perfectly safe?
Also, maybe is there a workaround for restircted user's home directory? When I just run cd, this is the issue. And also with git global config (without specify in variable)
client8@kw1:/$ cd
-bash: cd: /home/users/client8/: No such file or directory
Thank you!
Now, in the restircted SSH additional binaries, I allow users for the following:
/usr/bin/git
/usr/share/terminfo/x/xterm
/usr/bin/keyhelp-php84
/usr/bin/keyhelp-php83
/usr/bin/keyhelp-php82
/usr/bin/keyhelp-php81
/usr/bin/keyhelp-php80
/usr/bin/keyhelp-php74
Which allows to run any PHP version, Git, Composer, Nano editor, etc...
Is it generally safe? Also I noticed that disabled functions are not set for php cli-s. I can run both in SSH:
php -r 'echo exec("whoami"); echo "\n";'
keyhelp-php81 -r 'echo exec("whoami"); echo "\n";'
Is this a secuerity issue, or still perfectly safe?
Also, maybe is there a workaround for restircted user's home directory? When I just run cd, this is the issue. And also with git global config (without specify in variable)
client8@kw1:/$ cd
-bash: cd: /home/users/client8/: No such file or directory
Thank you!