Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scp & sftp with no shell access or restricted access

from [Rob Creely] Network Security [Permanent Link]
Subject: Re: Scp & sftp with no shell access or restricted access
Date: Mon, 13 Nov 2006 20:51:50 -0500 
On 11/12/06, Massimo <massimo.mail@quipo.it> wrote:
Hello,

I need to provide users with sftp and scp access to unix servers without
the possibility to open a shell on the server.

It would also be useful to give user:
1) restricted shell
2) Chroot sftp/scp access

I need to do this kind of condiguration on HP-UX, Solaris, Linux & AIX.

How can I do? Can I do it with "standard & supported" software or do I
need external software?

Do you have any ideas? 

I don't believe OpenSSH can accomplish what your looking for out of
box.  That said, there are a couple "plugins" or external software out
there that can accomplish what you are looking for.  Specifically I
know of RSSH and SCPONLY

RSSH
http://www.pizzashack.org/rssh/
Verified to work on:
   *  A wide variety of Linux distributions, on IA32 and IA64 hardware
   * Compaq Tru64 Unix
   * Solaris 2.x - 8 (under certain conditions -- see the security link)
   * AIX 5.1
   * HP/UX 11.00 (PA-RISC)
   * HP/UX 11.22 (IA64)
   * Irix 6.5
chroot capable

SCPONLY
http://sublimation.org/scponly/wiki/index.php/Main_Page
-Would assume it works on most Unix/Linux platforms when built from source
-chroot capable

Hope this helps.

--Rob

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Fw: Odd key problem, Keith Edmunds
Next by Date:  Re: Emulating ssh's -D option, if TCP forwarding is disabled, Thomas Hafner
Previous by Thread:  Re: Scp & sftp with no shell access or restricted access, Rob Munsch
Next by Thread:  Re: Scp & sftp with no shell access or restricted access, Greg Bell
Indexes:  [Date] [Thread] [Top] [All Lists]