On Mon, Oct 29, 2001 at 01:51:48PM +0100, Christian Kurz wrote:
On 29/10/01, Emmanuel Lacour wrote:
On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote:
What about a package ssh-chroot in debian? I think the pam module is
more interesting as it can be applied to other things, but
On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote:
There is a chroot patch for the potato openssh-1.2.3 source in /contrib
however it appears to be broken.
I have created a modified diff for the Debian package source which will
apply the patch correctly and build an
On 29/10/01, Emmanuel Lacour wrote:
On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote:
What about a package ssh-chroot in debian? I think the pam module is
more interesting as it can be applied to other things, but I tried it and
was unable to make it work (I'm not a pam
At 1:02 Uhr +0200 27.10.2001, Javier Fernández-Sanguino Peña wrote:
Umm... couldn't you have a restricted environment but with
commands hard-linked in it to the proper ones and restricting thoroughly
the hard links? (only rX, no w bits) The problem is how to do this
automatically (and
On Mon, Oct 29, 2001 at 01:51:48PM +0100, Christian Kurz wrote:
On 29/10/01, Emmanuel Lacour wrote:
On Mon, Oct 29, 2001 at 09:48:00AM +1300, Stephen Andrew wrote:
What about a package ssh-chroot in debian? I think the pam module is
more interesting as it can be applied to other things, but
On Sat, Oct 27, 2001 at 01:02:45AM +0200, Javier Fernández-Sanguino Peña wrote:
Umm... couldn't you have a restricted environment but with
commands hard-linked in it to the proper ones and restricting thoroughly
the hard links? (only rX, no w bits) The problem is how to do this
Sunny Dubey [EMAIL PROTECTED] writes:
The problem is, how can an admin restrict remote access from a given
user (through telnet and/or sshd) in order to limit his moves inside
the operating system.
no idea if this will help
but you could change their shells from bash to rbash (or
well give credit to it to Vasil Kolev
/home/image.root is an image of what you want your users to have.
Ivan Dimitrov
System Administrator
Bastun Networks
On Sat, 27 Oct 2001, Javier Fernández-Sanguino Peña wrote:
I would be interested only in
standards is to have them.
-- Bruce Schneier, creator of the Twofish algorithm
-Original Message-
From: Javier Fernández-Sanguino Peña [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 27 October 2001 02:15
To: [EMAIL PROTECTED]
Subject: [off-topic?] Chrooting ssh/telnet users
It seems pam_chroot is available at
http://www.kernel.org/pub/linux/libs/pam/pre/modules/
I will try and take a look at it...
Javi
argh, this sounds like the sort of thing that would've been useful
when i set up rsync on our company backup machine (as opposed to writing
a small shell that chrooted and ran rsync).
it doesn't appear to be in debian unstable; apt-cache shows no third
party module for it, and it's most
On Fri, Oct 26, 2001 at 04:35:14PM +0100, Tim Haynes wrote:
Rishi L Khan [EMAIL PROTECTED] writes:
I think the only way to accomplish a chroot IS to include all the files
in the jail that the user needs.
[snip]
Yes. Somehow, if you're going to run something, it needs to be in the jail.
On Sat, Oct 27, 2001 at 01:02:45AM +0200, Javier Fernández-Sanguino Peña wrote:
Umm... couldn't you have a restricted environment but with
commands hard-linked in it to the proper ones and restricting thoroughly
the hard links? (only rX, no w bits) The problem is how to do this
Sunny Dubey [EMAIL PROTECTED] writes:
The problem is, how can an admin restrict remote access from a given
user (through telnet and/or sshd) in order to limit his moves inside
the operating system.
no idea if this will help
but you could change their shells from bash to rbash (or bash
well give credit to it to Vasil Kolev
/home/image.root is an image of what you want your users to have.
Ivan Dimitrov
System Administrator
Bastun Networks
On Sat, 27 Oct 2001, Javier Fernández-Sanguino Peña wrote:
I would be interested only in
standards is to have them.
-- Bruce Schneier, creator of the Twofish algorithm
-Original Message-
From: Javier Fernández-Sanguino Peña [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 27 October 2001 02:15
To: debian-security@lists.debian.org
Subject: [off-topic?] Chrooting ssh
It seems pam_chroot is available at
http://www.kernel.org/pub/linux/libs/pam/pre/modules/
I will try and take a look at it...
Javi
On Fri, Oct 26, 2001 at 05:25:28PM +0200, Christian Kurz wrote:
That's a wrong assumption. At least RedHat contains a pam_chroot.so
module which can be used in connection with the latest ssh to limit a
user into a chroot. I'm just wondering if that module is packaged
already for debian or
On Friday 26 October 2001 09:14 am, Javier Fernández-Sanguino Peña wrote:
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the Securing-Debian-Manual). So please,
excuse me if you feel this is off-topic.
The problem is, how can an admin
I would be interested only in the chroot patch. Is there any
reason you have not contributed it to openssh? Do you want me to do it?
Best regards
Javi
On Fri, Oct 26, 2001 at 05:24:13PM +0300, Ivan Dimitrov wrote:
recently i've worked on a small patch for openssh that
On Fri, Oct 26, 2001 at 04:35:14PM +0100, Tim Haynes wrote:
Rishi L Khan [EMAIL PROTECTED] writes:
I think the only way to accomplish a chroot IS to include all the files
in the jail that the user needs.
[snip]
Yes. Somehow, if you're going to run something, it needs to be in the jail.
Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes:
Yes. Somehow, if you're going to run something, it needs to be in the
jail. Various alternatives to consider for various reasons : busybox,
rbash, sash.
What would be nice would be a union-mount, so you could graft a real
/bin on
argh, this sounds like the sort of thing that would've been useful
when i set up rsync on our company backup machine (as opposed to writing
a small shell that chrooted and ran rsync).
it doesn't appear to be in debian unstable; apt-cache shows no third
party module for it, and it's most
On Fri, Oct 26, 2001 at 04:35:14PM +0100, Tim Haynes wrote:
Rishi L Khan [EMAIL PROTECTED] writes:
I think the only way to accomplish a chroot IS to include all the files
in the jail that the user needs.
[snip]
Yes. Somehow, if you're going to run something, it needs to be in the jail.
On Fri, Oct 26, 2001 at 05:25:28PM +0200, Christian Kurz wrote:
That's a wrong assumption. At least RedHat contains a pam_chroot.so
module which can be used in connection with the latest ssh to limit a
user into a chroot. I'm just wondering if that module is packaged
already for debian or not.
On Friday 26 October 2001 09:14 am, Javier Fernández-Sanguino Peña wrote:
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the Securing-Debian-Manual). So please,
excuse me if you feel this is off-topic.
The problem is, how can an admin
I would be interested only in the chroot patch. Is there any
reason you have not contributed it to openssh? Do you want me to do it?
Best regards
Javi
On Fri, Oct 26, 2001 at 05:24:13PM +0300, Ivan Dimitrov wrote:
recently i've worked on a small patch for openssh that
On Fri, Oct 26, 2001 at 04:35:14PM +0100, Tim Haynes wrote:
Rishi L Khan [EMAIL PROTECTED] writes:
I think the only way to accomplish a chroot IS to include all the files
in the jail that the user needs.
[snip]
Yes. Somehow, if you're going to run something, it needs to be in the jail.
Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes:
Yes. Somehow, if you're going to run something, it needs to be in the
jail. Various alternatives to consider for various reasons : busybox,
rbash, sash.
What would be nice would be a union-mount, so you could graft a real
/bin on
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the Securing-Debian-Manual). So please,
excuse me if you feel this is off-topic.
The problem is, how can an admin restrict remote access from a given user
(through telnet and/or sshd) in order
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
-rishi
On Fri, 26 Oct 2001, Javier Fernández-Sanguino Peña wrote:
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the
recently i've worked on a small patch for openssh that chroots a user when
he logs in. it uses mysql for password auth. it is not posted anywhere but
if you want it, send me a personal mail.
Ivan Dimitrov
System Administrator
Bastun Networks
On Fri, 26 Oct 2001,
On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
-rishi
Hmmm, That wouldn't work as intended - since the jailed environment
would have to contain all files/libraries the user needs to
On Fri, 26 Oct 2001, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
That is very difficult to do. Chroot can only be run by root.
On Fri, 26 Oct 2001, Javier Fernández-Sanguino Peña wrote:
I have been asked for
I think the only way to accomplish a chroot IS to include all the files in
the jail that the user needs.
-rishi
On 26 Oct 2001, Paul Fleischer wrote:
On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots and
Rishi L Khan [EMAIL PROTECTED] writes:
I think the only way to accomplish a chroot IS to include all the files
in the jail that the user needs.
[snip]
Yes. Somehow, if you're going to run something, it needs to be in the jail.
Various alternatives to consider for various reasons : busybox,
On 26/10/01, Javier Fernández-Sanguino Peña wrote:
The problem is, how can an admin restrict remote access from a given user
(through telnet and/or sshd) in order to limit his moves inside the
operating system.
[...]
AFAIK, pam only allows to limit some user accesses (cores, memory
limits..)
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the Securing-Debian-Manual). So please,
excuse me if you feel this is off-topic.
The problem is, how can an admin restrict remote access from a given user
(through telnet and/or sshd) in order to
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
-rishi
On Fri, 26 Oct 2001, Javier Fernández-Sanguino Peña wrote:
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the
recently i've worked on a small patch for openssh that chroots a user when
he logs in. it uses mysql for password auth. it is not posted anywhere but
if you want it, send me a personal mail.
Ivan Dimitrov
System Administrator
Bastun Networks
On Fri, 26 Oct 2001,
On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
-rishi
Hmmm, That wouldn't work as intended - since the jailed environment
would have to contain all files/libraries the user needs to
On Fri, 26 Oct 2001, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
That is very difficult to do. Chroot can only be run by root.
On Fri, 26 Oct 2001, Javier Fernández-Sanguino Peña wrote:
I have been asked for
I think the only way to accomplish a chroot IS to include all the files in
the jail that the user needs.
-rishi
On 26 Oct 2001, Paul Fleischer wrote:
On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots and
Rishi L Khan [EMAIL PROTECTED] writes:
I think the only way to accomplish a chroot IS to include all the files
in the jail that the user needs.
[snip]
Yes. Somehow, if you're going to run something, it needs to be in the jail.
Various alternatives to consider for various reasons : busybox,
On 26/10/01, Javier Fernández-Sanguino Peña wrote:
The problem is, how can an admin restrict remote access from a given user
(through telnet and/or sshd) in order to limit his moves inside the
operating system.
[...]
AFAIK, pam only allows to limit some user accesses (cores, memory
limits..)