Re: [gentoo-user] Jailing SCP and SFTP users
On Tue, 2005-02-22 at 18:27, Haim Ashkenazi wrote: > On Tuesday 22 February 2005 09:42, Ducky Z. wrote: > > Is there a way to jail scp and sftp users to their homes, just like we > > could do it with "proftpd"? Even though the users cannot open files, > > they can still browse the file system :( > yes. scponly is a shell that only allowes scp/sftp and has the option of > jail. there was another one (I don't remember it's name), but due to > security issues it's now masked. IIRC, it's called rssh -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Jailing SCP and SFTP users
On Tuesday 22 February 2005 17:07, A. Khattri wrote: > On Tue, 22 Feb 2005, Haim Ashkenazi wrote: > > > The other one was rssh maybe? > > > (I dont see it masked BTW). > > > > I think so. a few weeks ago it was masked, but maybe he fixed the > > security issue... > > I use rssh on one of my servers, there were one or two updates over the > past few months which were probably fixes. As well as scp and sftp, rssh > also allows rsync. ok, I've searched in the bug list and here it is. go to: http://bugs.gentoo.org/show_bug.cgi?id=72816 and read comment #6 if you read further you'll see that the mask was removed due to new upstream version about a month later... Bye -- Haim pgpcD6eARBzBY.pgp Description: PGP signature
Re: [gentoo-user] Jailing SCP and SFTP users
On Tue, 22 Feb 2005, Haim Ashkenazi wrote: > > The other one was rssh maybe? > > (I dont see it masked BTW). > I think so. a few weeks ago it was masked, but maybe he fixed the security > issue... I use rssh on one of my servers, there were one or two updates over the past few months which were probably fixes. As well as scp and sftp, rssh also allows rsync. -- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Jailing SCP and SFTP users
On Tuesday 22 February 2005 15:40, A. Khattri wrote: > On Tue, 22 Feb 2005, Haim Ashkenazi wrote: > > On Tuesday 22 February 2005 09:42, Ducky Z. wrote: > > > Is there a way to jail scp and sftp users to their homes, just like > > > we could do it with "proftpd"? Even though the users cannot open > > > files, they can still browse the file system :( > > > > yes. scponly is a shell that only allowes scp/sftp and has the option > > of jail. there was another one (I don't remember it's name), but due to > > security issues it's now masked. > > The other one was rssh maybe? > (I dont see it masked BTW). I think so. a few weeks ago it was masked, but maybe he fixed the security issue... Bye -- Haim pgpJbrBWbxvib.pgp Description: PGP signature
RE: [gentoo-user] Jailing SCP and SFTP users
> Even though the users cannot open files, they can still browse the > file system :( Why don't you chroot those users? --- Chris Covington IT Plus One Holdings, Inc. 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Jailing SCP and SFTP users
On Tue, 22 Feb 2005, Haim Ashkenazi wrote: > On Tuesday 22 February 2005 09:42, Ducky Z. wrote: > > Is there a way to jail scp and sftp users to their homes, just like we > > could do it with "proftpd"? Even though the users cannot open files, > > they can still browse the file system :( > yes. scponly is a shell that only allowes scp/sftp and has the option of > jail. there was another one (I don't remember it's name), but due to > security issues it's now masked. The other one was rssh maybe? (I dont see it masked BTW). -- cookie jar n. An area of memory set aside for storing cookies. Most commonly heard in the Atari ST community; many useful ST programs record their presence by storing a distinctive magic number in the jar. Programs can inquire after the presence or otherwise of other programs by searching the contents of the jar. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Jailing SCP and SFTP users
On Tuesday 22 February 2005 09:42, Ducky Z. wrote: > Is there a way to jail scp and sftp users to their homes, just like we > could do it with "proftpd"? Even though the users cannot open files, > they can still browse the file system :( yes. scponly is a shell that only allowes scp/sftp and has the option of jail. there was another one (I don't remember it's name), but due to security issues it's now masked. Bye -- Haim pgp8uw3uTAuwl.pgp Description: PGP signature
[gentoo-user] Jailing SCP and SFTP users
Is there a way to jail scp and sftp users to their homes, just like we could do it with "proftpd"? Even though the users cannot open files, they can still browse the file system :( Sincerely, Dz -- gentoo-user@gentoo.org mailing list