Re: Good secure file transfer, was Re: How safe are FTP servers?
- From: Nico <nkadel@xxxxxxxxx>
- Date: Sat, 09 Jun 2007 06:19:06 -0700
On 29 May, 02:05, Ertugrul Soeylemez <do-not-spam...@xxxxxxxx> wrote:
SSH means `Secure SHell'. That implies regular shell access. However,
if you system is configured properly, then there is no problem with
that, besides that it adds a further layer of potential security
problems. To avoid that, avoid SSH, or chroot it (which is well
possible [1,2]).
[ Note that this is about OpenSSH, not the commercial SSH server at
ssh.com. ]
chrooting OpenSSH is possible. But it's *not* supported by the
authors, and they've previously said "no" to attempts to integrate it.
That means you have to play games like maintaining your own version of
OpenSSH on the server. It's painful: I used to maintain one of the
codebases and download sites for those patche. There are notes at
chroot.sourceforge.net, but it remains difficult to support.
The chroot option in OpenSSH has nothing to do with restricting users
to chroot cages: it restricts the sshd itself for certain operations.
Like the UseDNS option in sshd_config, it's very confusingly named.
.
- Prev by Date: open-source vulnerability scanners for PCI compliance testing?
- Next by Date: Re: Good secure file transfer, was Re: How safe are FTP servers?
- Previous by thread: open-source vulnerability scanners for PCI compliance testing?
- Next by thread: Re: Good secure file transfer, was Re: How safe are FTP servers?
- Index(es):
Relevant Pages
|
|
