Re: ssh bypassing OS procedures?

From:
Date: 09/13/02


Date: Fri, 13 Sep 2002 04:42:09 GMT


"Chuck" <hal___jordan@hotmail.com> wrote in message
news:b1713487.0209120552.160edd4c@posting.google.com...
> Platform: Sparc/Solaris 2.6
> Version OpenSSH: 3.4p1
> I have a ftp server setup so that if the users don't change their
> passwords every thirty days, the OS will lock the user account. This
> is done by normal means through /etc/default/passwd. I have a user who
> believes that it doesn't matter whether or not his user id is locked,
> he can still ssh into the system via private key authentication. He
> maintains that ssh doesn't care what the OS says, it will still grant
> access. Any application that totally bypasses the OS sounds awfully
> suspect to me. I don't believe SSH would do this. And I have been
> unable to make SSH perform in this way. My question: Can you really
> configure ssh so that it bypasses the OS's procedure and just
> authenticates through encrypted keys?

Authentication through the keys avoids the password authentication, true.
And locking an account fully should be done by both disabling the password
and disabling the user's shell. Disabling his shell should help to spike
this trick.

Why are you giving user accounts on your ftp server? Secure FTP servers
should *NEVER* have user accounts with the same passwords as the ftp
accounts. Look at proftpd for examples of how to correctly configure ftp
accounts to have distinct passwords from the shell accounts.

> By the way, the user uses rsync to transfer files and seems to have
> found a way to transfer files despite the fact that his user id is
> locked. More power to him. I'm impressed by his ability to adapt, but
> ... how did he do that??

"rsync -e ssh"

Read the man page on rsync for more details.
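The reply's point is that a password lock on its own does not stop key-based ssh; the account is only fully closed when the shell is disabled too. The audit script below is an added example (not from this thread) that finds accounts whose shadow password field is locked but whose login shell would still let a key-authenticated session in. It assumes Solaris-style `*LK*` and Linux-style `!`/`*` lock markers, runs against constructed passwd and shadow data embedded inline, and treats an absent passwd entry as no shell.

```shell
#!/bin/sh
# Added audit example: report users whose password is locked but whose
# login shell is still interactive (the key-auth gap discussed above).

# Constructed sample data standing in for /etc/passwd and /etc/shadow.
SAMPLE_PASSWD='root:x:0:0:root:/:/sbin/sh
chuck:x:1001:10:Chuck:/export/home/chuck:/bin/ksh
ftpuser:x:1002:10:FTP only:/export/home/ftpuser:/bin/false
alice:x:1003:10:Alice:/export/home/alice:/bin/sh'

SAMPLE_SHADOW='root:abc123hash:11900::::::
chuck:*LK*abc123hash:11800::::::
ftpuser:*LK*:11800::::::
alice:def456hash:11900::::::'

# Returns 0 when the shell refuses interactive login (or no shell is set).
is_nologin_shell() {
    case "$1" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin|"") return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when the shadow password field marks the account as locked:
# Solaris uses the *LK* prefix, Linux passwd -l / usermod -L use ! or *.
is_locked_field() {
    case "$1" in
        '*LK*'*|'!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "user shell" for every locked account that still has a usable
# shell.  Arguments are the passwd and shadow contents as strings so the
# function can be run against the constructed data above or real files.
find_locked_with_shell() {
    passwd_data=$1
    shadow_data=$2
    printf '%s\n' "$shadow_data" | while IFS=: read -r user pw _rest; do
        is_locked_field "$pw" || continue
        shell=$(printf '%s\n' "$passwd_data" | awk -F: -v u="$user" '$1 == u { print $7 }')
        is_nologin_shell "$shell" || printf '%s %s\n' "$user" "$shell"
    done
    return 0
}

find_locked_with_shell "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"   # prints: chuck /bin/ksh
```

Against a live Solaris or Linux box run it as root with `find_locked_with_shell "$(cat /etc/passwd)" "$(cat /etc/shadow)"`; each line reported is an account where a password lock alone is not keeping key-based ssh out.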
