
Re: openssh: Enabling sftp, but disabling ssh?

Subject: Re: openssh: Enabling sftp, but disabling ssh?
Date: Sat, 09 Sep 2006 19:07:25 +0100
Derek Martin wrote:
> I will say I wrote rssh in part because I thought Joe's approach to
> scponly was more complicated and hard to audit

I did stop using rssh as whenever I tried to access ~ on the remote end
it would cause an error message that /chroot/home/user didn't exist;
which, of course, it doesn't from within the chroot.  Whereas scponly
would reject ~ with an error regarding wildcards, which was less
confusing for users.

However!  This thread has just made me realise that a symlink inside the
chroot linking /chroot/chroot to /chroot (Or rather chroot to . within
/chroot) means that rssh works perfectly again!  So I've gone back to
using it again! :)

I did consider modifying rssh so that it substitutes the user's home
path from the chroot's passwd file for ~ but that may not be appropriate
for all circumstances and the symlink is easy enough to implement.

Take care,

Ben
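
The symlink workaround described in the message above, as an added example that is not part of the original post or of rssh. The function names are hypothetical, the jail is a constructed temporary directory standing in for /chroot, and the chroot is emulated by prefixing the jail root, which is valid here only because the symlink target is relative:

```shell
#!/bin/sh
# Added example: constructed jail layout in a temp directory.
# No root privileges or real chroot() call are needed.

# make_jail_alias JAIL NAME (hypothetical helper)
# Create JAIL/NAME -> "." so that, once chrooted into JAIL, the outside
# path /NAME/home/user resolves to /home/user inside the jail.
make_jail_alias() {
    # The relative target "." keeps the link inside the jail. An absolute
    # target would be resolved against the jail's own root after chroot.
    [ -e "$1/$2" ] || [ -L "$1/$2" ] || ln -s . "$1/$2"
}

# resolves_inside JAIL PATH (hypothetical helper)
# Succeed only if PATH, as seen from inside the jail, exists and its
# physical location is still under the jail root.
resolves_inside() {
    root=$(cd "$1" && pwd -P) || return 1
    real=$(cd "$root/$2" 2>/dev/null && pwd -P) || return 1
    case "$real/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# demo: build a constructed jail, test the outside-style home path before
# and after adding the alias, and report the link target.
demo() {
    jail=$(mktemp -d) || return 1
    mkdir -p "$jail/home/user"
    resolves_inside "$jail" /chroot/home/user && before=yes || before=no
    make_jail_alias "$jail" chroot
    resolves_inside "$jail" /chroot/home/user && after=yes || after=no
    target=$(readlink "$jail/chroot")
    rm -rf "$jail"
    echo "$before $after $target"
}

demo   # prints: no yes .
```

The `resolves_inside` check doubles as an audit step: run against every symlink placed in a jail, it flags any link whose physical target falls outside the jail root.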



