SUMMARY: SSH/SFTP lockdown

From: Kruse, Jason K. <jason.kruse_at_teldta.com>
Date: Wed May 15 2002 - 11:35:56 EDT
Thanks to:
Daron.Barndon
Davorin Bengez
Greg Gallagher
Michael C. Ibarra
Jim Jones
Dennis Peterson 
Eric Shafto

No real answer that works with Solaris 8/F-Secure.  
Responses included:

Scponly:  http://sublimation.org/scponly/
rksh - Restricts shell nicely, however sftp still can access directories
/bin/true vs /bin/false (no shell access vs no access at all)
OpenSSH w/chroot patch

We're working on converting to OpenSSH, but until that happens we'll just
have to keep our eyes open.

Jason

> -----Original Message-----
> From: Kruse, Jason K. [mailto:jason.kruse@teldta.com]
> Sent: 5/13/2002 8:47 AM
> To: 'sunmanagers@sunmanagers.org'
> Subject: SSH/SFTP lockdown
> 
> 
> We have a customer who has requested using sftp to access files on our
> system.  I would like to restrict their access to their home 
> directory,
> however F-Secure does not provide the chroot ability on Solaris.  
> 
> I attempted to assign the user a bogus shell like /bin/false 
> or noshell but
> sftp just complained.  Other than creating a chroot 
> environment by hand
> (using jail or something similar) does anyone have other 
> suggestions to
> restrict access?
> 
> Jason
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed May 15 14:00:55 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:43 EST