"Scott Prive" <Scott.Prive at storigen.com> writes:

> I would have thought rbash could be configured to disallow this
> (or ignore rc files altogether). That may or may not be possible
> (there is always the source), but I'm very surprised this problem
> has not been solved before.

This problem in fact has been solved before, in the commercial ssh server; it comes with a dummy shell for just this purpose.

I just wrote a test script to verify the behavior by logging its parameters and stdin to a file on the server. When using openssh's scp as follows:

    % scp /etc/termcap user@server:

the log shows that the shell on the remote end was invoked with the parameters "-c scp -t ."

    % scp /etc/termcap user@server:/tmp/foo

resulted in the parameters "-c scp -t /tmp/foo"

So you can write a dummy shell that checks those parameters and fires up scp if it's requested, or prints a "no logins allowed" message otherwise.

sftp user@server yields the parameters "-c /usr/libexec/openssh/sftp-server", so you should allow for that as well.

-- 
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

"An idealist is just a farsighted pragmatist." -Anon
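A sketch of the dummy shell described in the message above, added here as an example and not part of the original post. It accepts only the three parameter forms the post logged; the install name `scponly`, the fixed `PATH` and the function names are assumptions.

```sh
#!/bin/sh
# Dummy login shell (added example). Assumptions: installed as "scponly",
# fixed PATH below; the denial text is the one quoted in the post.
LC_ALL=C; export LC_ALL              # make A-Z style ranges byte-exact
PATH=/usr/bin:/bin; export PATH      # assumed location of scp
SFTP_SERVER=/usr/libexec/openssh/sftp-server   # path as logged in the post

# Print "sftp", "scp <target>" or "deny" for the arguments sshd passed us.
classify_request() {
    # sshd runs the login shell as: <shell> -c "<command string>".
    # Any other argument shape is treated as an interactive login attempt.
    if [ "$#" -ne 2 ] || [ "$1" != "-c" ]; then
        echo deny; return 0
    fi
    cmd=$2
    if [ "$cmd" = "$SFTP_SERVER" ]; then
        echo sftp; return 0
    fi
    # Split the string into words ourselves (globbing off); it is never
    # handed to eval or "sh -c", so metacharacters are not interpreted.
    set -f
    set -- $cmd
    set +f
    if [ "$#" -ne 3 ] || [ "$1" != "scp" ] || [ "$2" != "-t" ]; then
        echo deny; return 0
    fi
    case $3 in
        -*|*[!A-Za-z0-9_./-]*) echo deny ;;   # option-like or odd characters
        *) echo "scp $3" ;;
    esac
}

main() {
    request=$(classify_request "$@")
    case $request in
        sftp)    exec "$SFTP_SERVER" ;;
        "scp "*) exec scp -t "${request#scp }" ;;
        *)       echo "no logins allowed" >&2; exit 1 ;;
    esac
}

# Run only under the assumed install name, so the file can also be sourced.
case ${0##*/} in
    scponly) main "$@" ;;
esac
```

Requests in any other shape, including scp invocations carrying extra flags, are denied. The wrapper only decides which program runs; where scp may write is still governed by the account's file permissions.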