Network Security: Detailed info on Re: ssh restrictions (/etc/ssh

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: ssh restrictions (/etc/ssh_config)

from [Martin Simovic] Network Security

[Permanent Link]

Subject:	Re: ssh restrictions (/etc/ssh_config)
Date:	Thu, 20 Sep 2007 16:56:14 +0100

On Thu, 2007-09-20 at 08:30 -0400, Greg Wooledge wrote:

On Wed, Sep 19, 2007 at 09:39:56AM +0200, Rainer Peter Feller wrote:

On Tue, 2007-09-18 at 12:19 +0100, Martin Simovic wrote:

is there a way to restrict commands passed to ssh (client) to override
command line options

So I made a patch by myself, which I also update with every new release
For the Patch to openssh-4.7p1 see attachment
The name of the not overidable configfile is ssh_config_p


What prevents people from bypassing this by using an unpatched client?


this is meant to run in a gateway (login system to external/internal
networks) which is running restricted shell.the only commands available
on the system are ssh and exit.

while with unpatched client user could do:

ssh -p PermitLocalCommand=yes somesystem.com

then on remote system ~~C

!/bin/bash

and the have unrestricted shell on a gateway! (even if /bin/bash is not
on their $PATH originally)

martin.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
ssh restrictions (/etc/ssh_config), Martin Simovic Re: ssh restrictions (/etc/ssh_config), Rainer Peter Feller Re: ssh restrictions (/etc/ssh_config), Martin Simovic Re: ssh restrictions (/etc/ssh_config), Greg Wooledge Re: ssh restrictions (/etc/ssh_config), Martin Simovic Re: ssh restrictions (/etc/ssh_config), Martin Simovic <= Re: ssh restrictions (/etc/ssh_config), Rainer Peter Feller

Previous by Date:	Re: ssh restrictions (/etc/ssh_config), Martin Simovic
Next by Date:	Re: ssh restrictions (/etc/ssh_config), Rainer Peter Feller
Previous by Thread:	Re: ssh restrictions (/etc/ssh_config), Martin Simovic
Next by Thread:	Re: ssh restrictions (/etc/ssh_config), Rainer Peter Feller
Indexes:	[Date] [Thread] [Top] [All Lists]