Re: How do I set-up secure automated file push and pull?
From: Mark A. Hershberger (mah@everybody.org)
Date: 04/23/02
- Previous message: David A. Guidry: "Re: new zlib patch"
- In reply to: Anupam: "How do I set-up secure automated file push and pull?"
- Next in thread: Ken Herron: "Re: How do I set-up secure automated file push and pull?"
To: "Anupam" <frj780jdy85533001@sneakemail.com>
From: mah@everybody.org (Mark A. Hershberger)
Date: 23 Apr 2002 15:03:17 -0500

"Anupam" <frj780jdy85533001@sneakemail.com> writes:
> 3. SSH account
> Pros:
> + Account with shell as /usr/lib/rsh and PATH="" is equivalent to denying
> login to machine
> + Because of /usr/lib/rsh as account's shell, account will be unable to
> write to standard o+w directories such as /tmp.
> + Along with use of quota, one can limit the amount of data written to
> various file systems.
> Cons:
> - Difficult to restrict read access to rest of file system, all o+r files
> are readable remotely. Might be easier to set-up on Trusted Solaris or on
> Solaris 8 using RBAC (any input???)
> - To set-up automated SSH one must use client side 'certificates' (not
> really a con, but an issue)
> - Are there any options I am missing?

- You can chroot sshd
  (http://www.gnujobs.com/Articles/23/chroot.html#ssh)
  (http://mail.incredimail.com/howto/openssh/)
  (http://ssh.inet-one.com/dir.2000-09/msg00035.html)
- You can use the "command", "from", and "environment" options in your
  .ssh/authorized_keys file to restrict what commands the client
  key can perform. (See sshd(8))

-- Find inner peace and ten thousand around you shall be saved. -- St. Seraphim of Sarov
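
One way to apply the "command" and "from" restrictions suggested in the reply above, as an added example that is not part of the original message: a forced-command wrapper that lets the automation key do nothing except push and pull plain file names. The script path `/usr/local/bin/xfer-only`, the `/srv/xfer` directory layout, the host name and the `put`/`get` request syntax are all assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command wrapper for one automation key (added example).
# Assumed authorized_keys entry (one line; host, path and key are placeholders):
#   from="client.example.com",command="/usr/local/bin/xfer-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> push-pull
# sshd runs this script instead of whatever the client asked for and passes
# the client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL                 # make the A-Z/a-z ranges byte-exact
XFER_DIR=${XFER_DIR:-/srv/xfer}         # assumed layout: $XFER_DIR/in and $XFER_DIR/out

# Print "op name" for an allowed request, return 1 for anything else.
xfer_validate() {
    req=$1
    case $req in
        "put "*) op=put; name=${req#put } ;;
        "get "*) op=get; name=${req#get } ;;
        *) return 1 ;;
    esac
    # Plain file names only: no empty name, no dot files or "..", no "/",
    # whitespace or shell metacharacters.
    case $name in
        ""|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s %s\n' "$op" "$name"
}

# Carry out a vetted request; the name is never passed to a shell for evaluation.
xfer_run() {
    checked=$(xfer_validate "$1") || { echo "xfer-only: request denied" >&2; return 1; }
    op=${checked%% *}
    name=${checked#* }
    case $op in
        put) cat > "$XFER_DIR/in/$name" ;;   # upload: stdin -> in/
        get) cat "$XFER_DIR/out/$name" ;;    # download: out/ -> stdout
    esac
}

# No request at all (an interactive login attempt) falls through and exits.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    xfer_run "$SSH_ORIGINAL_COMMAND"
fi
```

With this in place the client side would run `ssh user@server 'put report.csv' < report.csv` or `ssh user@server 'get b.txt' > b.txt`; any other request is refused before it touches the file system.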