On Fri, 4 Jun 2004 23:27:59 +0000, Diego Iastrubni <[EMAIL PROTECTED]> wrote:
>
> I want some users to be able to upload files to some site. The solution used
> right now, is getting the private ssh keys from the users, and letting the
> users to use "scp" to copy files to the remote server.
>
> However, I discovered that I can use "ssh [EMAIL PROTECTED] sh" to get a basic
> shell on the box, and delete files on that dir (or others).

I had the same problem. As Ilya Konstantinov and Alex Behar wrote, if you
need only to permit uploading, you can do it easily as they suggested.
If you need some more options (such as secure downloading) see below.

My solution was to jail the user by "chroot" by using 2 programs I wrote.
With this option you can restrict what they can do.

My configuration (on RH 7.2) is composed of the following elements -

1. The general /etc/passwd entry is:

   sshuser:*:777:888:ssh user example :/home/sshuser:/bin/scp_login

2. The home directory (jailed by `chroot' when sshed in) is composed of
   the following:

/home/sshuser:
dr-xrwxr-x   9 sshuser  general     4096 May  6 11:48 .
drwxr-xr-x  32 root     general     4096 Apr 22 11:54 ..
drwx------   2 sshuser  general     4096 Apr 25 12:17 .ssh
drwx--x---   2 ehud     general     4096 May 19 12:20 bin
drwxr-xr-x   2 root     general     4096 May  5 11:35 etc
drwxrwx---   2 sshuser  general     4096 Jun  1 11:01 from_to
drwx--x---   2 root     general     4096 Apr 22 17:55 lib

/home/sshuser/.ssh:
drwx------   2 sshuser  general     4096 Apr 25 12:17 .
dr-xrwxr-x   9 sshuser  general     4096 May  6 11:48 ..
-r--r-----   1 sshuser  general     1237 Apr 25 12:10 authorized_keys2

/home/sshuser/bin:
drwx--x---   2 ehud     general     4096 May 19 12:20 .
dr-xrwxr-x   9 sshuser  general     4096 May  6 11:48 ..
-rw-rw----   1 sshuser  general   362064 Jun  6 15:02 .bash_hist
-r--r--r--   1 ehud     general      170 May 11 17:38 .bashrc
-rwxr-xr-x   1 root     general   938400 Oct 13  2002 bash
-rwxr-xr-x   1 root     root       36604 Aug  9  2001 cp
-rwxr-xr-x   1 root     root       45948 Aug  9  2001 ls
-rwxr-xr-x   1 root     root       43772 Aug  9  2001 mv
-rwxr-xr-x   1 root     root       25884 Aug  9  2001 rm
-rwxr-xr-x   1 root     general    34640 Nov 10  2003 scp
-rwxr-xr-x   1 ehud     general   364116 May 11 20:16 su-scp.abs

/home/sshuser/etc:
drwxr-xr-x   2 root     general     4096 May  5 11:35 .
dr-xrwxr-x   9 sshuser  general     4096 May  6 11:48 ..
-rw-r--r--   1 ehud     root         997 May  6 13:56 group
-rw-r--r--   1 root     root         803 Jul 16  2002 localtime
-rw-r--r--   1 ehud     general      255 Apr 22 16:21 passwd

/home/sshuser/lib:
drwx--x---   2 root     general     4096 Apr 22 17:55 .
dr-xrwxr-x   9 sshuser  general     4096 May  6 11:48 ..
-rwxr-xr-x   1 root     root      485171 Sep  4  2001 ld-linux.so.2
-rwxr-xr-x   1 root     root     5772268 Sep  4  2001 libc.so.6
-rwxr-xr-x   1 root     root       85115 Sep  4  2001 libcrypt.so.1
-rwxr-xr-x   1 root     root      436784 Sep  4  2001 libnsl.so.1
-rwxr-xr-x   1 root     root      311370 Sep  4  2001 libnss_compat.so.2
-rwxr-xr-x   1 root     root      261460 Sep  4  2001 libnss_files.so.2
-rwxr-xr-x   1 root     root       11832 Jul 10  2001 libtermcap.so.2
-rwxr-xr-x   1 root     root       47872 Sep  4  2001 libutil.so.1
-rwxr-xr-x   1 root     root       59618 Aug 26  2001 libz.so.1

/home/sshuser/from_to:
drwxrwx---   2 sshuser  general     4096 Jun  1 11:01 .
dr-xrwxr-x   9 sshuser  general     4096 May  6 11:48 ..

3. The /home/sshuser/etc/passwd entry is:

   sshuser:*:777:888:ssh user example :/:/bin/bash

4. The /home/sshuser/bin/.bashrc is:

   umask 133
   enable -n umask
   HISTFILE=/bin/.bash_hist
   HISTSIZE=100
   HISTFILESIZE=
   shopt -s histappend
   set -o history

The `scp_login' program runs the command:

   "/usr/sbin/chroot /home/sshuser /bin/su-scp.abs 777 100 <ssh args>"

this jails the user in /home/sshuser and then runs
/home/sshuser/bin/su-scp.abs with the rest of the arguments.

The `su-scp.abs' changes to the uid (arg1) and gid (arg2) and then runs
"rbash --init-file /bin/.bashrc <ssh args>".

The sshuser can run only commands found in /bin but no others (S/he can
not scp executables because the .bashrc has `umask 133' in it, and umask
is disabled).

This solution has 1 security weakness - the `scp_login' is root sticky,
so a user may use it to execute any program (by renaming it to
su-scp.abs) as root. To overcome this the `scp_login' should check the
uid when it starts. Another option is to install it on a computer that
only serves "scp only" users.

Ehud.

-- 
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry
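
The start-up uid check proposed in the message for `scp_login', written out as an added example; this is not Ehud's program, whose source is not in the message. The paths, uid 777 and gid 100 come from the message, while the function names and the extra ownership check on /bin and su-scp.abs are assumptions of this sketch.

```c
#define _DEFAULT_SOURCE              /* for chroot() and lstat() on glibc */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL_DIR "/home/sshuser"     /* values taken from the message */
#define JAIL_UID ((uid_t)777)
#define HELPER   "/bin/su-scp.abs"   /* path as seen inside the jail */

/* getuid() is the real uid; the setuid bit changes only the effective uid. */
int caller_allowed(uid_t real_uid) { return real_uid == JAIL_UID; }

/* Trusted = of the expected type, not owned by the jailed account, and not
 * writable by group or other, so the jailed user cannot replace it. */
int path_trusted(const struct stat *st, mode_t type) {
    if ((st->st_mode & S_IFMT) != type) return 0;
    if (st->st_uid == JAIL_UID) return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* 0 = safe to continue; otherwise the number of the check that failed. */
int startup_checks(uid_t real_uid, const char *bin_dir, const char *helper) {
    struct stat st;
    if (!caller_allowed(real_uid)) return 1;
    if (lstat(bin_dir, &st) != 0 || !path_trusted(&st, S_IFDIR)) return 2;
    if (lstat(helper, &st) != 0 || !path_trusted(&st, S_IFREG)) return 3;
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 1) return 1;          /* refuse an empty argument vector */
    char *args[argc + 3];            /* su-scp.abs 777 100 <ssh args> NULL */
    int rc = startup_checks(getuid(), JAIL_DIR "/bin", JAIL_DIR HELPER);
    if (rc != 0) {
        fprintf(stderr, "scp_login: refused (check %d)\n", rc);
        return 1;
    }
    if (chroot(JAIL_DIR) != 0 || chdir("/") != 0) {
        perror("scp_login: chroot");
        return 1;
    }
    args[0] = HELPER; args[1] = "777"; args[2] = "100";
    for (int i = 1; i < argc; i++) args[i + 2] = argv[i];
    args[argc + 2] = NULL;
    execv(HELPER, args);             /* the helper drops to uid/gid itself */
    perror("scp_login: execv");
    return 1;
}
```

With the ownership and modes shown in the listing above (bin and su-scp.abs owned by ehud, no group or other write bit), both path checks pass for the jailed account and every other caller is refused at check 1.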
