RE: Restricting SSH in windows

From: Jeff Gercken (JeffG_at_kizan.com)
Date: 02/14/05

    Date: Mon, 14 Feb 2005 09:18:53 -0500
    To: "Brian T" <briant4592@hotmail.com>, <security-basics@securityfocus.com>
    
    

    Why not just use a stripped down version of a linux live cd (knoppix,
    distro boot cd, etc.)? FTP and telnet are pretty universal so they don't
    have to be linux gurus or anything. I would additionally create a
    normal user account for them (otherwise disable the hd's in bios) to use
    and configure iptables to limit outbound connections.

    I don't think you'll find a solution in windows for what you're looking
    for without setting DACLs everywhere.

    -Jeff

    -----Original Message-----
    From: Brian T [mailto:briant4592@hotmail.com]
    Sent: Friday, February 11, 2005 11:37 AM
    To: security-basics@securityfocus.com
    Subject: Restricting SSH in windows

    I have a situation where a vendor is SSHing into a windows box on our
    internal network that is connected to the console of a system that he
    needs to support. In an effort to restrict the vendor's access to our
    network we disconnect the network connection of the supported system
    during maintenance procedures. There is, however, still the issue of
    the vendor having unrestricted shell access to the windows box. The ssh
    server is using Cygwin and Openssh v3.5p1. I would like to restrict the
    commands the vendor is allowed to execute (in this case only ftp and
    telnet). All research I have conducted so far has not given me anything
    useful for windows. Does anyone have any experience in a situation such
    as this?

    Thanks,
    Brian T
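
Added example, not part of either message: one way to express the "normal user account plus iptables" suggestion from the reply, as a shell function that prints an iptables-restore ruleset allowing a single account to open only FTP and telnet connections to one host. The account name `vendor` and the address `192.0.2.10` are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that confines one local
# account to FTP and telnet toward a single host. Nothing is applied here;
# review the output, then load it as root with: iptables-restore < file
# "vendor" and 192.0.2.10 are placeholders (assumptions), not from the thread.

vendor_egress_rules() {
    user=$1 target=$2

    # Accept only a plain account name and something shaped like a dotted-quad
    # IPv4 address, so the arguments cannot smuggle extra rule text.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$target" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "bad IPv4 address: $target" >&2; return 1
    fi

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local IPC and replies on sessions that are already open (the vendor's
# inbound SSH login included). Passive-mode FTP data channels only count as
# RELATED when the nf_conntrack_ftp helper is handling the control channel.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections: only this account, only this host, only ftp (21) and telnet (23).
-A OUTPUT -p tcp -d $target -m multiport --dports 21,23 -m owner --uid-owner $user -m conntrack --ctstate NEW -j ACCEPT
# Everything else is logged for review, then falls through to the DROP policy.
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "egress-denied: "
COMMIT
EOF
}

# Stand-alone run with the placeholder values.
vendor_egress_rules vendor 192.0.2.10
```

The owner match only applies to locally generated packets, which is why every rule sits in the OUTPUT chain; the default-DROP policy also blocks other accounts on the box from opening new outbound connections.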


