[Freebsd-security] Re: Multi-User Security - Crist J. Clark - org.freebsd.freebsd-security

18 messages in org.freebsd.freebsd-security[Freebsd-security] Re: Multi-User Sec...

From	Sent On	Attachments
David E. Meier	May 17, 2004 5:08 am
Frankye - ML	May 17, 2004 6:11 am
Jan Grant	May 17, 2004 6:26 am
Richard Coleman	May 17, 2004 6:56 am
Norberto Meijome	May 17, 2004 9:41 pm
Gregory Sutter	May 18, 2004 1:35 am
Dan Rue	May 18, 2004 9:05 am
Remko Lodder	May 18, 2004 9:10 am
David E. Meier	May 18, 2004 9:32 am
Dan Rue	May 19, 2004 8:30 pm
Remko Lodder	May 20, 2004 1:56 pm
Doug Barton	Jun 7, 2004 6:38 am
Crist J. Clark	Jun 7, 2004 8:41 pm
Doug Barton	Jun 9, 2004 12:03 pm
Crist J. Clark	Jun 14, 2004 10:42 am
Bruce M Simpson	Jun 14, 2004 11:56 am
Lupe Christoph	Jun 14, 2004 3:48 pm
Remko Lodder	Jun 14, 2004 4:05 pm

Subject:	[Freebsd-security] Re: Multi-User Security
From:	Crist J. Clark (cris...@comcast.net)
Date:	Jun 7, 2004 8:41:41 pm
List:	org.freebsd.freebsd-security

On Sun, Jun 06, 2004 at 11:38:55PM -0700, Doug Barton wrote:

On Wed, 19 May 2004, Dan Rue wrote:

You obviously havn't tried to chroot scponly users.. _that's_ the tricky part. Especially if you want it to scale up beyond a handful of users. If i'm wrong - fill me in i'd love to hear how to do it.

Have you considered using ~/.ssh/authorized_keys to restrict the account from tty access? This would allow you to do commands (like scp) without the risk of the user getting an actual shell.

$ ssh host /bin/sh

You don't need a tty to get an interactive shell.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets