Re: No shell only forwarding
From: Richard E. Silverman (res_at_qoxp.net)
Date: 09/20/05
- Previous message: Todd H.: "Re: X11 and XEmacs"
- In reply to: Alan Hadsell: "Re: No shell only forwarding"
- Next in thread: Alan Hadsell: "Re: No shell only forwarding"
- Reply: Alan Hadsell: "Re: No shell only forwarding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 20 Sep 2005 13:18:12 -0400
>>>>> "AH" == Alan Hadsell <ahadsell@MtDiablo.com> writes:
AH> "Richard E. Silverman" <res@qoxp.net> writes:
>> Note that this is only necessary with the old protocol 1, which
>> requires a remote command execution for every connection. With
>> SSH-2, a client does not have to request an exec channel at all
>> (e.g. OpenSSH "ssh -N").
AH> True, but that makes it client-controlled. If we want the server
AH> admin to control whether the client has login access, we need
AH> something like this.
We already established that. What I meant was that the only reason to
have a program like this is if you're using SSH-1; if you're only using
SSH-2, then /bin/true would suffice.
Note that other SSH servers are less clumsy in this regard, e.g. the
VanDyke server allows you to simply refuse exec channels to certain
clients.
-- Richard Silverman res@qoxp.net
- Previous message: Todd H.: "Re: X11 and XEmacs"
- In reply to: Alan Hadsell: "Re: No shell only forwarding"
- Next in thread: Alan Hadsell: "Re: No shell only forwarding"
- Reply: Alan Hadsell: "Re: No shell only forwarding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
