Re: [Freebsd-security] Re: Multi-User Security
From: Doug Barton (DougB_at_FreeBSD.org)
Date: 06/09/04
- Previous message: Colin Percival: "RE: FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute"
- In reply to: Crist J. Clark: "Re: [Freebsd-security] Re: Multi-User Security"
- Next in thread: Crist J. Clark: "Re: [Freebsd-security] Re: Multi-User Security"
- Reply: Crist J. Clark: "Re: [Freebsd-security] Re: Multi-User Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Jun 2004 05:03:02 -0700 (PDT) To: "Crist J. Clark" <cjc@FreeBSD.org>
On Mon, 7 Jun 2004, Crist J. Clark wrote:
> On Sun, Jun 06, 2004 at 11:38:55PM -0700, Doug Barton wrote:
>> On Wed, 19 May 2004, Dan Rue wrote:
>>
>>> You obviously havn't tried to chroot scponly users.. _that's_ the tricky
>>> part. Especially if you want it to scale up beyond a handful of users.
>>> If i'm wrong - fill me in i'd love to hear how to do it.
>>
>> Have you considered using ~/.ssh/authorized_keys to restrict the account
>> from tty access? This would allow you to do commands (like scp) without
>> the risk of the user getting an actual shell.
>
> $ ssh host /bin/sh
>
> You don't need a tty to get an interactive shell.
You can also enforce what commands the user can run to prevent this.
Read sshd(8) for more information.
Doug
--
This .signature sanitized for your protection
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Colin Percival: "RE: FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute"
- In reply to: Crist J. Clark: "Re: [Freebsd-security] Re: Multi-User Security"
- Next in thread: Crist J. Clark: "Re: [Freebsd-security] Re: Multi-User Security"
- Reply: Crist J. Clark: "Re: [Freebsd-security] Re: Multi-User Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
