[Drew DeVault] recently wrote up some interesting instructions on how to package up interactive text-based Linux commands for users to access via ssh. At first, this seems simple, but there are quite a few nuances to it and [Drew] does a good job of covering them.

One easy way — but not very versatile — is to create a user and make the program you want to run the default shell. The example used is to make /usr/bin/nethack the shell and now people can log in as that user and play nethack. Simple, right? However, there are better ways to get there.

There are a few problems. First,  if the user passes a command line to a program like nethack, things get confused. However, you can add a statement to the .ssh/authorized_keys file that selects a command to run using a real shell upon login. You can set the shell to something simple like /bin/sh or rbash (restricted bash) and use that to launch nethack or the binary of your choice. A restricted shell prevents users from doing things such as changing directories, setting certain environment variables, and more. It offers some level of safety against malicious activity, although perhaps not serious malicious activity.

Just to round out the example, [Drew] shows how he applies these ideas to a real working system. He has a series of Python scripts that work with Sourcehut continuous integration builds.

We love little ssh tools. While we like ssh, if you have an unreliable connection, you might prefer Mosh.