Hello group
This seems strange to me, perhaps someone here has encountered this
situation, and either has found a solution to it, or can confirm that
there is no solution:
Using ssh.com's version 3.2 ssh server for Windows, I can't seem to
actually prevent remote command execution. The server is intended for
sftp only, and yet it doesn't seem to be possible to completely prevent
remote commands.
The "PermitUserTerminal" variable is set to "no" in the config file -
this has the effect of preventing an interactive login, but executing
individual commands is still entirely possible:
plink user@host
Using username "user".
user@host's password:
FATAL ERROR: Server refused to start a shell/command
plink user@host cmd /c dir c:\
Using username "user".
user@host's password:
[SNIP - big old directory listing]
The 4.3 version adds two new options: Terminal.AllowUsers and
Terminal.DenyUsers. In the 4.3 documentation it states: "Note that when
terminal access is denied so is remote command execution"
So, my question is twofold -
(A) Am I right that it's actually impossible to set up a truly sftp-only
server using the 3.2.x series of ssh servers for Windows? This seems
counterintuitive, but dumber things have been true of even more
expensive commercial software...
(B) Can anyone confirm that it actually does work in the 4.3.x version?
Thanks in advance, and apologies if this has been covered recently
already.
Mark Senior
---End sensible content---
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
