Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Restricting sftp commands

from [Robert L Sowders] Network Security [Permanent Link]
Subject: RE: Restricting sftp commands
Date: Thu, 22 Dec 2005 02:10:26 -1000 
This was solved about 3 years ago,

http://www.hackinglinuxexposed.com/articles/20030115.html

The command authenticator will work with any ssh/sftp command, even rsync 
or scp via ssh.

I don't see any reason to reinvent the paper clip if I need a paper clip.

Robert Sowders
Senior SA, Honolulu HI.

The contents of this message are mine personally and do
not reflect any position of the U.S. Government







"Mark Senior" <Mark.Senior@gov.ab.ca> 
12/21/2005 07:08 AM

To
"m l" <cmoimartin@hotmail.com>
cc
<secureshell@securityfocus.com>
Subject
RE: Restricting sftp commands






Probably the most robust thing would be to use file-system ACLs to
restrict users to the desired actions.

They could always try a "get" command, but it would fail if they tried
to download a file to which they lacked read permissions.

That would also have the advantage of working regardless of what means
they used to access the server - sftp, ssh, console, etc.

Regards
Mark

-----Original Message-----
From: m l
Sent: December 21, 2005 07:36
To: secureshell@securityfocus.com
Subject: Restricting sftp commands

I've install OpenSSH_4.2p1 with RSSH on Solaris 10. It only accept
"sftp" . 
I block SSh and the others.
But the user still able to do commands like "chmod" "put" ,"get" 
etc......under sftp.
Is there any way, when the user is in sftp prompt, to limit him to only
use for example "PUT" command ?

Martin

"Do, Or do not. There is no try."  -YODA-



This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for 
the individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Restricting sftp commands, Derek Martin
Next by Date:  how to compile openssh with PUT commands only (under SFTP), m l
Previous by Thread:  RE: Restricting sftp commands, Mark Senior
Next by Thread:  RE: Restricting sftp commands, Fontanez Martin
Indexes:  [Date] [Thread] [Top] [All Lists]