Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Unique ssh/sftp requirement

from [Robert Hajime Lanning] Network Security [Permanent Link]
Subject: Re: Unique ssh/sftp requirement
Date: Tue, 27 Jun 2006 16:44:14 -0700 
This cannot be done by the firewall.  SSH is a opaque encrypted tunnel.

You have to handle this outside the tunnel part.  ie. at the client or
server end.
Preferably at the server end, where there is more trust.

But how do you give shell without the capability to transfer a file?  You can't,
unless you remove the file transfer parts of the server and create a restricted
shell for the user.

$ tar -cf - dir-of-files | ssh servername "tar -xf -"
$ ssh servername "cat > file.txt" < file.txt
...

On 6/26/06, Odaniel, Jim (Mission Systems) <Jim.Odaniel@ngc.com> wrote: 
Hi,
        I have a unique ssh/sftp requirement.  I have two networks
separated by a firewall.  I would like to allow anyone on my "internal"
network to ssh to my "external" network but I would like to control who
is allowed to sftp/scp files from my internal network to my external
network.  How can I do this?  Is there a way to do this if my firewall
doesn't support controlling such an activity?  Will setting up some kind
of internal proxy/port forwarding server do the trick?

The version that I am using is:
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell - A.04.00.000

Thanks for your help!
Jim O'Daniel
Unix Systems Administrator Northrop Grumman
Jim.odaniel@ngc.com




--
And, did Guloka think the Ulus were too ugly to save?
                                        -Centauri

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Unique ssh/sftp requirement, Odaniel, Jim (Mission Systems)
Next by Date:  Re: Unique ssh/sftp requirement, Johan De Meersman
Previous by Thread:  Unique ssh/sftp requirement, Odaniel, Jim (Mission Systems)
Next by Thread:  Re: Unique ssh/sftp requirement, Landry Brunel
Indexes:  [Date] [Thread] [Top] [All Lists]