Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ssh restrictions (/etc/ssh_config)

from [Rainer Peter Feller] Network Security [Permanent Link]
Subject: Re: ssh restrictions (/etc/ssh_config)
Date: Wed, 19 Sep 2007 09:39:56 +0200 
On Tue, 2007-09-18 at 12:19 +0100, Martin Simovic wrote:

Hi,

is there a way to restrict commands passed to ssh (client) to override
command line options

i need to restrict PermitLocalCommand to 'no', even if specified 'yes'
on command line

man ssh_config says

ssh obtains configuration data from the following sources in the followâ
ing order:
           1.   command-line options
           2.   userâs configuration file (~/.ssh/config)
           3.   system-wide configuration file (/etc/ssh/ssh_config)

so it looks like that /etc/ssh/ssh_config is overridden by command line
argument ssh -o PermitLocalCommand=yes someuser@somehost

thank You,

martin. 

Hi,
this is a question which I asked some yaers ago, and every now and
again ... but without any answer ...
So I made a patch by myself, which I also update with every new release
For the Patch to openssh-4.7p1 see attachment
The name of the not overidable configfile is ssh_config_p

-- 
  H
CUH Rainer Peter Feller
  H

Attachment: openssh-4.7p1-paranoia.patch.bz2
Description: application/bzip

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenSSH with gssapi-with-mic hostname questions, Joel Johnson
Next by Date:  Re: ssh restrictions (/etc/ssh_config), Martin Simovic
Previous by Thread:  ssh restrictions (/etc/ssh_config), Martin Simovic
Next by Thread:  Re: ssh restrictions (/etc/ssh_config), Martin Simovic
Indexes:  [Date] [Thread] [Top] [All Lists]