Re: Locking down ssh config in large env
From: David M. Andersen (danderse_at_uncc.edu)
Date: 10/01/04
- Previous message: Atro Tossavainen: "Re: Locking down ssh config in large env"
- In reply to: lonely wolf: "Re: Locking down ssh config in large env"
- Next in thread: Atro Tossavainen: "Re: Locking down ssh config in large env"
Date: Fri, 01 Oct 2004 08:09:18 -0400
To: secureshell@securityfocus.com
lonely wolf wrote:
> Of course, this will not prevent a determined user from using his own
> compiled copy of ssh which does not make use of .ssh but of renamed
> folder[s]/file[s]
Well you could make "ssh" setgid to some group and use
iptables/netfilter's "--gid-owner" to only allow traffic to remote port
22 to originate from processes with that gid. But that's evil.
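
The setup described in this message, written out as an added example that is not part of the original post: the setup commands appear as comments, and the function audits `iptables -S OUTPUT` text for the rule order the scheme depends on. The group name `sshout`, GID 1001, the `/usr/bin/ssh` path and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: group "sshout"
# (GID 1001) and client path /usr/bin/ssh. As root, the setup would be:
#   groupadd -g 1001 sshout
#   chgrp sshout /usr/bin/ssh && chmod 2755 /usr/bin/ssh
#   iptables -A OUTPUT -p tcp --dport 22 -m owner --gid-owner sshout -j ACCEPT
#   iptables -A OUTPUT -p tcp --dport 22 -j REJECT
# Rule order matters: the gid ACCEPT has to precede the REJECT.

# Constructed sample of `iptables -S OUTPUT` output (GIDs are printed numerically).
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -m owner --gid-owner 1001 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable'

# Usage: iptables -S OUTPUT | check_ssh_egress NUMERIC_GID
# Only rules that name "--dport 22" are audited; broader ACCEPT rules earlier
# in the chain still need a manual look.
check_ssh_egress() {
  awk -v gid="$1" '
    !/^-A OUTPUT / || !/ --dport 22( |$)/ || fin { next }
    / -m owner / {
      # Owner-restricted rule: only the ACCEPT for our GID is of interest.
      if ($0 ~ (" --gid-owner " gid " ") && / -j ACCEPT/) allow = 1
      next
    }
    # First rule that applies to every process decides the fate of other clients.
    / -j ACCEPT/        { open = 1;  fin = 1 }
    / -j (REJECT|DROP)/ { block = 1; fin = 1 }
    END {
      if (open)        print "bypass: port 22 ACCEPT without owner match"
      else if (!block) print "open: no REJECT/DROP for port 22"
      else if (!allow) print "lockout: gid ACCEPT missing or after the block"
      else             print "ok"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | check_ssh_egress 1001
```

Before relying on this, confirm that the installed ssh client still starts when it is setgid; a client that refuses to run setgid cannot be used with this scheme.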