Re: [Freebsd-security] Re: Multi-User Security

From: Dan Rue (drue_at_therub.org)
Date: 05/20/04

    Date: Wed, 19 May 2004 22:30:25 -0500
    To: Remko Lodder <remko@elvandar.org>
    
    

    *Cough *Cough,

    On Tue, May 18, 2004 at 06:08:52PM +0200, Remko Lodder wrote:
    > Ahem,
    >
    > D> You generally would like to avoid giving people shell (ssh) access if
    > D> you can avoid it. If you must give shell access, it is best to set up a
    > D> jail.
    >
    > D> However, if you're just doing backup/file access - shell access isn't
    > D> necessary. You can do ftps, (ports/ftp/bsdftpd-ssl), and easily use
    > D> that to chroot users. You can do sftp (without ssh shell access), but
    > D> that's trickier to set up.
    >
    > real tricky :-> scponly-3.8_1|/usr/ports/shells/scponly|/usr/local|A tiny
    > shell that only permits scp and
    > sftp|/usr/ports/shells/scponly/pkg-descr|rushani@FreeBSD.org|shells|||
    > http://www.sublimation.org/scponly/
    > But not that hard.... ;-)

    You obviously haven't tried to chroot scponly users.. _that's_ the tricky
    part. Especially if you want it to scale up beyond a handful of users.
    If I'm wrong - fill me in, I'd love to hear how to do it.

    Dan

