Re: SV: Restrictions for password logins

2017-05-19 Thread walter harms 


Am 19.05.2017 16:34, schrieb Henrik Uggla:
> Permission to run one command, everything else should be denied.

why not modify .profile (or /bin/sh in /etc/profile) ?
anything else feels complicated.

re,
 wh


> 
> /HU
> 
> Från: Matt Johnston 
> Skickat: den 19 maj 2017 14:46
> Till: Henrik Uggla
> Kopia: dropbear@ucc.asn.au
> Ämne: Re: Restrictions for password logins
> 
> On Fri, May 19, 2017 at 07:42:21AM +, Henrik Uggla wrote:
>> Hi!
>>
>>
>> How can I set restrictions, like those given in authorized_keys, to all 
>> password logins?
> 
> Hi Henrik,
> 
> You can't set all of those restrictions like command= though
> you can disable TCP forwarding at compile time in options.h
> 
> What restrictions were you looking at?
> 
> Cheers,
> Matt

Re: Dropbear 2017.75

2017-05-19 Thread Matt Johnston 
On Fri, May 19, 2017 at 02:37:28PM +0200, Guilhem Moulin wrote:
> Hi Matt,
> 
> On Thu, 18 May 2017 at 23:02:09 +0800, Matt Johnston wrote:
> > Dropbear 2017.75 is released. This has a couple of security
> > fixes and a couple of bug fixes since 2016.74.
> 
> FYI https://matt.ucc.asn.au/dropbear/CHANGES yields 403 forbidden.

Sorry missed this email before. Noticed it myself just now
while requesting CVEs, I've fixed it.

Re: Restrictions for password logins

2017-05-19 Thread Matt Johnston 
On Fri, May 19, 2017 at 07:42:21AM +, Henrik Uggla wrote:
> Hi!
> 
> 
> How can I set restrictions, like those given in authorized_keys, to all 
> password logins?

Hi Henrik,

You can't set all of those restrictions like command= though
you can disable TCP forwarding at compile time in options.h

What restrictions were you looking at?

Cheers,
Matt

Re: Restrictions for password logins

2017-05-19 Thread walter harms 


Am 19.05.2017 09:42, schrieb Henrik Uggla:
> Hi!
> 
> 
> How can I set restrictions, like those given in authorized_keys, to all 
> password logins?
> 
> 
did you try the generalsetup at /etc/ssh/ssh_config ?

re,
 wh



> regards
> 
> HU
>

Restrictions for password logins

2017-05-19 Thread Henrik Uggla 
Hi!


How can I set restrictions, like those given in authorized_keys, to all 
password logins?


regards

HU