Re: ftp access
From: Brooks Davis (brooks@one-eyed-alien.net)
Date: 02/28/01
- Next message: Rocco Lucia: "Re: vlan"
- Previous message: Travis [Admin Team]: "Re: ftp access"
- In reply to: Travis [Admin Team]: "Re: ftp access"
- Next in thread: Steve Reid: "Re: ftp access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Feb 2001 15:10:44 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: "Travis [Admin Team]" <traviso@RapidNet.com>
On Tue, Feb 27, 2001 at 04:01:31PM -0700, Travis [Admin Team] wrote:
> On Tue, 27 Feb 2001, Brooks Davis wrote:
>
> > If you do this be sure to keep users from being able to access the system
> > via ssh. Otherwise they can just use ssh to spawn a shell for themselves:
> >
> > ssh -t <host> /bin/sh
>
> Course I believe you disable it with a -T doncha? >;)
I'm afraid I don't see your point. It's true that -T is the opposit of
-t for the ssh client, but that doens't have anything to do with the
fact that any user with a valid username and password can get a shell
via ssh unless you don't allow them to run ANYTHING via sshd.
-- Brooks
-- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Rocco Lucia: "Re: vlan"
- Previous message: Travis [Admin Team]: "Re: ftp access"
- In reply to: Travis [Admin Team]: "Re: ftp access"
- Next in thread: Steve Reid: "Re: ftp access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
