Custom Openssh Shell

To be pedantic, it won't be ctrl+c, but SIGHUP (closer to ctrl+d) that kills the app.

You can put essentially whatever you want in the user's shell in /etc/passwd. Simply replace the default on the user's passwd line (probably /bin/bash) with another program. That program can be a script, such as /usr/bin/tail_log_file, with these contents, owned by root:root, with umode 0755:

#!/bin/rbash
tail -f /path/to/logfile

You can use some interpreter other than rbash, but it is advisable to use a restricted shell in such cases.

To be extremely pedantic about it, you should add the script's path to /etc/shells, but I usually find it works anyway.

Keep in mind also that the user could potentially put the script in the background, or use some options (ssh username@host bash) and still acquire a shell. If you want to restrict the user in such ways, good filesystem permissions are the only real solution.


ssh forced commands spring to mind if you're happy to use keypair based authentication.

man authorized_keys
/command=