Re: restricting ssh access

From: Chuck (skilover_nospam_at_softhome.net)
Date: 03/23/05


Date: Wed, 23 Mar 2005 09:47:02 -0500

User1001 wrote:
> In Shell RC file for non-login account, add variable checks for SSH
> connection; (Open)SSH sets certain environment variables when it
> completes a login connection (e.g., SSH_CLIENT, SSH_CONNECTION, SSH_TTY,
> SSH_ORIGINAL_COMMAND for SCP). Make sure that SSH_ORIGINAL_COMMAND is set
> to "scp" (or "sftp"). You might want to check on the "command string"
> being passed and decide whether to execute it or not.

RC file? Are you referring to the login scripts like .profile, .login,
and .cshrc?

> This can be tightened up more by using key-only-access where the
> AUTHORIZED_KEYS file has additional (OpenSSH) parameters to limit PTY,
> port forwarding, et cetera, and can even be used to invoke a specific
> command (script) where further checking/restrictions can be implemented.

Key authentication for most users is probably not an option. There will
be a number of users sharing this common account for ftp file drop off
and most of them will not be savvy enough to understand public/private
key authentication. Since they will have the password for the account, I
want to be sure they can't use it to do anything other than what they
need to do, which is to upload files.
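
The "check the command string and decide whether to execute it" idea from the thread, as an added example that is not part of either poster's message. It assumes sshd runs the script as the account's forced command (an authorized_keys `command="..."` option, or `ForceCommand` in sshd_config, which also applies to password logins) so that the client's request arrives in SSH_ORIGINAL_COMMAND; `DROP_DIR` and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: upload-only gate for a shared drop-off account.
# Assumption: sshd runs this as the account's forced command, so the
# client's request arrives in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL                    # make the A-Z ranges below byte-exact
DROP_DIR="${DROP_DIR:-/srv/dropoff}"       # hypothetical upload directory

# Succeeds only for the server half of an scp upload into DROP_DIR:
#   scp [-d|-p|-r|-v]... -t <target>
is_allowed_upload() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ._/-]*) return 1 ;;  # metacharacters, quotes, globs
    esac
    set -f; set -- $cmd; set +f            # split on spaces, no globbing
    [ "${1:-}" = scp ] || return 1
    shift
    sink=no
    while [ $# -gt 1 ]; do
        case $1 in
            -t) sink=yes ;;                # "to": scp receives files
            -d|-p|-r|-v) ;;                # modifiers that do not change direction
            *) return 1 ;;                 # -f (download) and anything else
        esac
        shift
    done
    [ "$sink" = yes ] && [ $# -eq 1 ] || return 1
    case $1 in
        -*|*..*) return 1 ;;               # option smuggling, path traversal
        "$DROP_DIR"|"$DROP_DIR"/*) return 0 ;;
    esac
    return 1
}

# No requested command means an interactive login: nothing is run here
# and the session ends when the script does.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_upload "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND         # safe to split: charset checked above
    fi
    echo "This account accepts scp uploads into $DROP_DIR only." >&2
    exit 1
fi
```

Clients from OpenSSH 9.0 on use the SFTP protocol for scp unless given `-O`, so their requests do not arrive as `scp -t` and this gate refuses them.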


