Look up informatin on ssh-dummy-shell
it only allows you to run sftp-server and that's it. If you try a standard
ssh connection it just says "Press any key to quit".
Serge.
On 2001.04.27 16:09:27 -0400 Lucy Hou wrote:
> All,
>
> I have a concern with sftp/ssh. Sure, sftp make ftp transfer secure,
> but in order to make sftp work, ssh has to work in the first place. It
> is ok in a situation when server end "trust" the client, like corporate
> intranet. But what about when the client can't be fully trusted? With a
> regular ftp, all that a client can do is read, write and delete, it
> can't execute. But with sftp/ssh, the client has to have some kind of
> execute capability ( it has to be able to run sftp-server). It is still
> ok if the client is not allowed to write to server. But what if the
> situation requires that the client has write permisson? Now, what can
> one do to prevent a client put some "bad" executiable on the server and
> run it?!
>
> Anyone has any good idea?
>
> Cheers.
> /lh
>
>
--
Serge Paquin
CIO
The Big Circle Inc.
