ssh -t <host> /bin/sh trick (was Re: ftp access)

From: Paul Herman (pherman@frenchfries.net)
Date: 02/28/01


Date: Wed, 28 Feb 2001 09:09:49 +0100 (CET)
From: Paul Herman <pherman@frenchfries.net>
To: Steve Reid <sreid@sea-to-sky.net>

On Tue, 27 Feb 2001, Steve Reid wrote:

> On Tue, Feb 27, 2001 at 02:55:12PM -0800, Brooks Davis wrote:
> > If you do this be sure to keep users from being able to access the system
> > via ssh. Otherwise they can just use ssh to spawn a shell for themselves:
> > ssh -t <host> /bin/sh
>
> Are you certain about this?
>
> I tried this on a 4.1.1-R box I operate and it didn't let me in. The
> box is set up with the ftp login shell set to "/nonexistent/ftponly",
> which is listed in /etc/shells but does not exist.

This behaviour has changed over the years, which is why there are two
conflicting reports.

I remember the days (FreeBSD 2.2.6, or so, using ssh from ssh.com) of
having to write a small script in /etc/sshrc which checks for invalid
shells to prevent what Brooks was describing. Back then, it *did*
work.

Now (at least with OpenSSH_2_3_0), that trick doesn't work anymore.
Don't know when/where/in which version this changed, but my inkling is
that PAM is the culprit.

-Paul.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
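The invalid-shell check Paul describes putting in /etc/sshrc, written out as an added example for this page (not code from the thread or from any ssh distribution). It assumes constructed /etc/passwd and /etc/shells data embedded inline, and the function names shell_check and shell_is_valid are hypothetical; how the hook itself refuses the session is outside the example, which only shows the decision.

```shell
#!/bin/sh
# Added example (not from the thread): the kind of check an /etc/sshrc hook
# of that era could apply to refuse a login whose shell is unusable.
# passwd and shells data are constructed inline so the script runs offline;
# function names are hypothetical.

# Constructed sample of /etc/passwd. "ftpuser" mirrors Steve's setup: its
# shell is listed in /etc/shells but does not exist on disk.
SAMPLE_PASSWD='root:*:0:0:Charlie Root:/root:/bin/sh
ftpuser:*:1001:1001:FTP only:/home/ftpuser:/nonexistent/ftponly
bob:*:1002:1002:Bob:/home/bob:/usr/local/bin/zsh'

# Constructed sample of /etc/shells.
SAMPLE_SHELLS='/bin/sh
/bin/csh
/nonexistent/ftponly'

# login_shell USER: print USER's shell field (empty if the user is unknown).
login_shell() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $7; exit }'
}

# shell_listed SHELL: succeed if SHELL appears verbatim in the shells list.
shell_listed() {
    printf '%s\n' "$SAMPLE_SHELLS" | grep -qx -- "$1"
}

# shell_check USER: print one word describing the user's login shell:
#   ok         listed in shells and present as an executable
#   no-user    no passwd entry
#   unlisted   not in the shells list
#   missing    listed, but the path is absent or not executable
shell_check() {
    shell=$(login_shell "$1")
    if [ -z "$shell" ]; then
        echo no-user
    elif ! shell_listed "$shell"; then
        echo unlisted
    elif [ ! -x "$shell" ]; then
        echo missing
    else
        echo ok
    fi
}

# shell_is_valid USER: exit status 0 only when shell_check says "ok", so a
# hook can do: shell_is_valid "$USER" || { echo "no interactive access"; exit 1; }
shell_is_valid() {
    [ "$(shell_check "$1")" = ok ]
}

# Stand-alone demonstration over the constructed data.
for u in root ftpuser bob nobody; do
    printf '%-8s %s\n' "$u" "$(shell_check "$u")"
done
```

Both the "listed in /etc/shells" and the "actually executable" tests are needed: Steve's /nonexistent/ftponly passes the first and fails the second, which is exactly the case the older sshrc scripts had to catch.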


