ssh -t <host> /bin/sh trick (was Re: ftp access)

From: Paul Herman (pherman@frenchfries.net)
Date: 02/28/01

Next message: Andrey Podkolzin: "Re: vlan"
Previous message: Erick Mechler: "Re: vlan"
In reply to: Steve Reid: "Re: ftp access"
Next in thread: Torbjorn Kristoffersen: "Re: ssh tricks (was Re: ssh -t <host> /bin/sh trick (was Re: ftp access))"
Reply: Torbjorn Kristoffersen: "Re: ssh tricks (was Re: ssh -t <host> /bin/sh trick (was Re: ftp access))"
Reply: Nate Williams: "Re: ssh -t <host> /bin/sh trick (was Re: ftp access)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Feb 2001 09:09:49 +0100 (CET)
From: Paul Herman <pherman@frenchfries.net>
To: Steve Reid <sreid@sea-to-sky.net>

On Tue, 27 Feb 2001, Steve Reid wrote:

> On Tue, Feb 27, 2001 at 02:55:12PM -0800, Brooks Davis wrote:
> > If you do this be sure to keep users from being able to access the system
> > via ssh. Otherwise they can just use ssh to spawn a shell for themselves:
> > ssh -t <host> /bin/sh
>
> Are you certain about this?
>
> I tried this on a 4.1.1-R box I operate and it didn't let me in. The
> box is set up with the ftp login shell set to "/nonexistent/ftponly",
> which is listed in /etc/shells but does not exist.

This behaviour has changed over the years, which is why there are two
conflicting reports.

I remember the days (FreeBSD 2.2.6, or so, using ssh from ssh.com) of
having to write a small script in /etc/sshrc which checks for invalid
shells to prevent what Brooks was describing. Back then, it *did*
work.

Now (at least with OpenSSH_2_3_0), that trick doesn't work anymore.
Don't know when/where/in which version this changed, but my inkling is
that PAM is the culprit.

-Paul.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Andrey Podkolzin: "Re: vlan"
Previous message: Erick Mechler: "Re: vlan"
In reply to: Steve Reid: "Re: ftp access"
Next in thread: Torbjorn Kristoffersen: "Re: ssh tricks (was Re: ssh -t <host> /bin/sh trick (was Re: ftp access))"
Reply: Torbjorn Kristoffersen: "Re: ssh tricks (was Re: ssh -t <host> /bin/sh trick (was Re: ftp access))"
Reply: Nate Williams: "Re: ssh -t <host> /bin/sh trick (was Re: ftp access)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: login problem
... you should get an error message like so with su -m: ... su: permission denied (shell). ... >> I ssh into my FreeBSD 4.5 box using ssh. ... with "unsubscribe freebsd-security" in the body of the message ...
(FreeBSD-Security)
Re: ftp access
... > /sbin/nologin as the user's shell. ... Otherwise they can just use ssh to spawn a shell for themselves: ... with "unsubscribe freebsd-security" in the body of the message ...
(FreeBSD-Security)
Re: SFTP is not working
... When I try to use sftp or scp2, I get a message like this: ... sftp and scp2 both actually work by running ssh in a subprocess, ... The reason the shell startup files are relevant at all, ...
(comp.security.ssh)
Re: Did you hack into my UNIX server Bible Bob?
... But that's not a shell question. ... >> OSX users, should I be using ssh instead of telnet for security? ... OSX as a built in firewall tab. ...
(comp.unix.shell)
Re: "Driving" Linux Command Line from C# ?
... the usual Google search. ... Putty is great for manual work, but no API ... would be an SSH utility with an API but if it exists I haven't been ... Just be sure that you are sure about the shell on the ...
(microsoft.public.dotnet.languages.csharp)