Need to give a 3rd party access from outside, but don't want your service to listen on public ports?
RXSH is a Restricted SHell. The letter X was chosen arbitrarily, only because there was already 'rsh' (remote shell).
Now that I really think of it, maybe the X stands for some kind of transmission, just like in RX/TX.
Nothing. RXSH is simply a totally dumb shell which does absolutely nothing. It takes no input, though it will print an uninformative message.
RXSH quits immediately if any parameters are passed (such as '-c /usr/lib/sftp-server'), so it won't allow SCP/SFTP access. The user is simply allowed to contact daemons listening on localhost from outside via a maintained secure shell connection.
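A minimal sketch of the behaviour described above, added here as an example and not the RXSH source. The function name decide, the message text and the read-and-discard loop used to hold the session open are assumptions.

```c
/* Added illustration of a do-nothing login shell; not the RXSH source. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum action { HOLD_SESSION, REFUSE };

/* sshd starts an interactive login with argv = {"-shell"} (argc == 1) and
 * a remote command, scp or sftp with argv = {"shell", "-c", "<command>"}.
 * Any extra argument therefore means "run something", so it is refused.
 * decide() is a hypothetical helper name. */
enum action decide(int argc)
{
    return argc > 1 ? REFUSE : HOLD_SESSION;
}

int main(int argc, char **argv)
{
    char discard[256];

    (void)argv;                   /* arguments are never interpreted */
    if (decide(argc) == REFUSE)
        return EXIT_FAILURE;      /* stops "ssh host cmd", scp and sftp */

    /* Assumed wording; the page only says the message is uninformative. */
    puts("This account is for port forwarding only.");
    fflush(stdout);

    /* Assumption: hold the session by reading stdin and throwing the bytes
     * away. Nothing typed is ever parsed or executed. read() returns 0 or
     * -1 when the client disconnects, which ends the process; the
     * forwarded ports stay usable for as long as this loop runs. */
    while (read(STDIN_FILENO, discard, sizeof discard) > 0)
        ;
    return EXIT_SUCCESS;
}
```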
I wanted a shell that can be used to maintain a connection to the server, but that does not allow the user to do anything on the server. It's actually useful only if you don't want to run any service on your public IP address and want to use SSH forwarded ports instead.
For example, I have mysqld running on localhost (127.0.0.1) at the standard port (3306). I wish to allow connections to this service only to those users who have a connection account on my server.
http://tomi.panula-ont.to/software/rxsh/rxsh-1.1.tar.gz
http://tomi.panula-ont.to/software/rxsh/rxsh-1.0.tar.gz
Make
2 steps:
First: cp rxsh /usr/local/bin
Second: echo /usr/local/bin/rxsh >> /etc/shells
chsh -s /usr/local/bin/rxsh username
$ ssh -L localport:localhost:remoteport username@hostname
Now you only need to tell your client software to connect to localport on localhost.
c:\> start plink -L 3306:localhost:3306 username@hostname
c:\> mysql -h localhost -u mysqlusername --password=mysqlpassword databasename
Yes, although I don't really know why you would need it. Please send me an email if you use this software. You may send me an email at <tomi AT panula-ont DOT to>.
Logging maybe.
20081031: Added a feature: Quit immediately if any parameters are passed.
RXSH does nothing to prevent normal SSH escape sequences, such as ~C, which opens the command line when typed right after a newline. Note that this command line is specific to SSH only and can be used only to modify the forwarded ports, so it's exactly what we want to allow anyway.
RXSH is tested with OpenSSH 4.2, protocol version 2 only (should work on version 1, too).
RXSH does not time out your connection. I have had connections lasting over a week with it without any problems.