Re: ssh remote command problem;

On Dec 7, 5:35 pm, p...@xxxxxxxxxxxx (Per Hedeland) wrote:
In article
<0ccd09b6-d4f0-430d-9311-becabcaaf...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

rpna...@xxxxxxxxx writes:

I did the fix as a normal user. So did NOT touch the /usr/bin/scp as
root. (we have many other users so I prefer not to mess with my root
privilages) I aliased my scp to ~/bin/scp in which I stuffed the shell
script you recommended.

THat one invokes the ~/bin/run_post_processor which does the
postprocessing. Works like clockwork.

But it seems to get invked on outgoing scp calls as well.(obviously!)
Is there any way to test/prevent that?

You can do what the scp code itself does:

while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
switch (ch) {
...
/* Server options. */
case 'd':
targetshouldbedirectory = 1;
break;
case 'f': /* "from" */
iamremote = 1;
fflag = 1;
break;
case 't': /* "to" */
iamremote = 1;
tflag = 1;
...

I.e. only invoke the postprocessor when one of the 't' and 'f' options
are given.

--Per Hedeland
p...@xxxxxxxxxxxx

Perfect guys! I will do just that! grep to see the presence of the -t
and -f options. Thanks for your help again; these seem undocumented
features; I cannot see them explained elsewhere.

PS. I had made another easy hack so that the post-processor was
invoked only on incoming scp's. I only aliased the scp to my
custom_scp in early lines in ~/.cshrc. Later I have the section which
execs only if a tty is present. There I again make it point to the
original /usr/bin/scp. This seems to get the desired functionality.
i.e. post-processing only on incoming scp's.
.

Relevant Pages

  • Re: [Full-Disclosure] Re: Re: Any update on SSH brute force attempts?
    ... automated use of 'scp' etc. ... > places that require root access. ... Allowing root ssh access but setting policy on its use seems a better option ...
    (Full-Disclosure)
  • Re: scp as root, but not ssh?
    ... Is it possible to allow scp between machines as root ... # Use this to prevent accounts from doing anything other than scp ... # only within their own HOME directory. ...
    (comp.unix.solaris)
  • Re: ssh remote command problem;
    ... I did the fix as a normal user. ... (we have many other users so I prefer not to mess with my root ... But it seems to get invked on outgoing scp calls as well. ...
    (comp.security.ssh)
  • Re: multihost master.passwd sync
    ... On Tuesday 27 May 2003 12:31 pm, Andy Harrison wrote: ... >> so you scp the file to a directory owned by a user designated to only do ... > Root can't scp a file from one host to another where remote root login is ...
    (FreeBSD-Security)
  • Re: SCP problem
    ... Incoming from s. ... >> department server. ... When i try to scp something all i get is the ... >> timestamp. ...
    (Debian-User)