BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

allowing scp but not ssh (here's how)

Subject: allowing scp but not ssh (here's how)
From: Scott.Prive at storigen.com (Scott Prive)
Date: Fri, 26 Jul 2002 10:15:51 -0400

Really? I attempted to defeat this using your menthod, and I failed. Did I miss a step?

1) Create the environment file on another machine
$ cat .bash_profile
PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:$PATH:$HOME/bin

export PATH

2) copy it over (tried both .bash_profile and .bashrc).
NOTE that rbash at the other end, seems to parse the file right away, and barf
(The funny "Administrator" shell prompt here is a side effect of running Cygwin on my NT box)
Administrator at PRIVES ~/temp-area
$ scp .bash_profile qatest at tower15:/sfs/qatest/.bash_profile
qatest at tower15's password:
rbash: export: `/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/sfs/
qatest/bin': not a valid identifier
.bash_profile        100% |************************************************************|    95       00:00

Administrator at PRIVES ~/temp-area
$ scp .bash_profile qatest at tower15:/sfs/qatest/.bashrc
qatest at tower15's password:
rbash: export: `/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/sfs/
qatest/bin': not a valid identifier
.bash_profile        100% |************************************************************|    95       00:00

3) Attempt remote ssh login
Administrator at PRIVES ~/temp-area
$ ssh qatest at tower15
qatest at tower15's password:

We're sorry, but you do not have shell access to this machine.
Please contact the system administrator for support.

Connection to tower15 closed.

Administrator at PRIVES ~/temp-area
$
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Did I miss something Alex, or does your circumvention method perhaps not work with rbash as the shell?

-Scott

-----Original Message-----
From: Alex Pennace [mailto:alex at pennace.org]
Sent: Thursday, July 25, 2002 5:19 PM
To: Scott Prive
Cc: Struts User; discuss at blu.org
Subject: Re: allowing scp but not ssh (here's how)

On Thu, Jul 25, 2002 at 04:39:41PM -0400, Scott Prive wrote:
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> 
> NOW, since I can't ssh into the box as  qatest...
> 
> $ ssh root at tower15 grep qatest /etc/passwd
> root at tower15's password:
> qatest:x:507:507:tower15a.storigen.com Account:/sfs/qatest:/bin/rbash
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

To work around this, use scp to copy a shell script to qatest's
~/.bashrc and ~/.bash_profile that sets PATH to something normal, like
/bin:/usr/bin:/usr/local/bin. Shell access should be restored.

Follow-Ups:
- allowing scp but not ssh (here's how)
  - From: alex at pennace.org (Alex Pennace)

Prev by Date: linux dialin server help!
Next by Date: IBM fails to stab Aix in the front
Previous by thread: allowing scp but not ssh (here's how)
Next by thread: allowing scp but not ssh (here's how)
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org