Re: ftp access
From: Steve Reid (sreid@sea-to-sky.net)
Date: 02/28/01
- Next message: Roelof Osinga: "Re: ftp access"
- Previous message: Rocco Lucia: "Re: vlan"
- In reply to: Brooks Davis: "Re: ftp access"
- Next in thread: Paul Herman: "ssh -t <host> /bin/sh trick (was Re: ftp access)"
- Reply: Paul Herman: "ssh -t <host> /bin/sh trick (was Re: ftp access)"
Date: Tue, 27 Feb 2001 20:21:45 -0800
From: Steve Reid <sreid@sea-to-sky.net>
To: Brooks Davis <brooks@one-eyed-alien.net>

On Tue, Feb 27, 2001 at 02:55:12PM -0800, Brooks Davis wrote:
> If you do this be sure to keep users from being able to access the system
> via ssh. Otherwise they can just use ssh to spawn a shell for themselves:
> ssh -t <host> /bin/sh

Are you certain about this?

I tried this on a 4.1.1-R box I operate and it didn't let me in. The
box is set up with the ftp login shell set to "/nonexistent/ftponly",
which is listed in /etc/shells but does not exist.

I suspect sshd is trying to use the login shell to execute the supplied
command, which will fail if the login shell doesn't exist.

Either I'm not doing it right, or other ssh/sshd combinations are
different, or you're wrong about it being possible.
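
The setup described in the message above (a login shell that is listed in /etc/shells but does not exist), as an added example that is not part of the original post: a Python check that reports, for each passwd entry, whether its login shell is listed in the shells file and whether an executable exists at that path. The account data is constructed, the function names are hypothetical, and the code assumes that ftpd consults /etc/shells and that sshd hands a supplied command to the login shell, as the thread discusses.

```python
import os

# Constructed sample data (not from the original post).
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
upload:*:1001:1001:FTP upload:/home/upload:/nonexistent/ftponly
alice:*:1002:1002:Alice:/home/alice:/bin/sh
legacy:*:1003:1003:Legacy:/home/legacy:
nobody:*:65534:65534:Unprivileged:/nonexistent:/sbin/nologin
"""
SAMPLE_SHELLS = "# constructed sample\n/bin/sh\n/bin/csh\n/nonexistent/ftponly\n"

def listed_shells(shells_text):
    """Parse shells-file text: one path per line, '#' starts a comment."""
    entries = (ln.split("#", 1)[0].strip() for ln in shells_text.splitlines())
    return {e for e in entries if e}

def _is_executable(path):
    """True when a regular, executable file exists at path."""
    return os.path.isfile(path) and os.access(path, os.X_OK)

def audit_accounts(passwd_text, shells_text, is_executable=_is_executable):
    """Return [(user, shell, verdict)] for each passwd entry.

    'ftp-only' : shell is listed but no executable exists at that path
    'ftp+exec' : shell is listed and executable
    'exec-only': shell is executable but unlisted (assumed: ftpd refuses it)
    'none'     : unlisted and not executable
    """
    allowed = listed_shells(shells_text)
    results = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment, blank or malformed line
        shell = fields[-1].strip() or "/bin/sh"  # empty field means /bin/sh
        listed, runnable = shell in allowed, is_executable(shell)
        if listed:
            verdict = "ftp+exec" if runnable else "ftp-only"
        else:
            verdict = "exec-only" if runnable else "none"
        results.append((fields[0], shell, verdict))
    return results

if __name__ == "__main__":
    for user, shell, verdict in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHELLS):
        print(f"{user:8} {shell:24} {verdict}")
```

Accounts reported as 'ftp+exec' are the ones to review when ftp-only access is intended; on a live system, pass the contents of /etc/passwd and /etc/shells instead of the samples.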