scp and sftp

2002-03-30 Thread Jon McCain

I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole.  Winscp does the same thing. 
The user can change to directories above their home.  Is there a way to
chroot them like you can in an ftp config file?  I don't see anything in
the sshd config files.  If you can't, how can I disable the scp
functionality?  I'm not talking about scp from the linux box.  The users
don't have shell access so that's not a problem.  I'm referring to
remote people using a scp client to access my linux machine.  You can
disable sftp ability by removing the sftp-server program but the scp
server part seems to be part of sshd.

I did not see anything about this issue on the openssh web site. 
Anybody got any suggestions?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
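
The confinement asked about above, as an added example that is not part of any message in this thread: later OpenSSH releases added the `ChrootDirectory` option and an in-process `internal-sftp` server to sshd_config. The group name `sftponly` is an assumption, and the commented-out "before" line uses the sftp-server path usually shipped on Debian.

```conf
# Before: external sftp-server with no confinement. An authenticated user
# can walk the whole filesystem as far as file permissions allow.
#Subsystem sftp /usr/lib/openssh/sftp-server

# After: in-process SFTP server, which needs no binaries inside the chroot.
Subsystem sftp internal-sftp

# "sftponly" is a hypothetical group holding the file-transfer-only accounts.
Match Group sftponly
    # %h expands to the user's home directory. Every component of this
    # path must be owned by root and not writable by group or others,
    # otherwise sshd refuses the session.
    ChrootDirectory %h
    # Ignore whatever command the client requests. This also stops legacy
    # scp, which works by running "scp -t" / "scp -f" through the shell.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Because the chroot root cannot be writable by the user, each account needs a subdirectory it owns for incoming files. Check the edited file with `sshd -t` before reloading the daemon.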




Re: scp and sftp

2002-03-30 Thread Junichi Uekawa

Jon McCain [EMAIL PROTECTED] cum veritate scripsit:

> I've been playing around with the scp and sftp components of putty and
> noticed what I consider a security hole.  Winscp does the same thing.
> The user can change to directories above their home.  Is there a way to
> chroot them like you can in an ftp config file?  I don't see anything in
> the sshd config files.  If you can't, how can I disable the scp
> functionality?  I'm not talking about scp from the linux box.  The users
> don't have shell access so that's not a problem.  I'm referring to
> remote people using a scp client to access my linux machine.  You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.

I'd be interested to know how you give scp access without 
giving shell access.




regards,
junichi

-- 
[EMAIL PROTECTED] : Junichi Uekawa   http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423  7447 3059 BF92 CD37 56F4






Re: scp and sftp

2002-03-30 Thread Alvin Oga


hi ya

i'd do it with automounter w/ ssh ???

mount  remote:/home/httpd/html /mnt/html
scp /home/user/new_site.html  /mnt/html
sync
umount /mnt/html

mount is not needed if it is configured to automount
and user does NOT need shell account on the remote web server

you also cannot cd /  on the remote pc either...


if remote.foo.com is locally accessible ( 192.168.xx ) to
user_pc.foo.com then it's not a big issue... fairly simple
and sorta safe??

c ya
alvin


On Sun, 31 Mar 2002, Junichi Uekawa wrote:

> Jon McCain [EMAIL PROTECTED] cum veritate scripsit:
>
> > I've been playing around with the scp and sftp components of putty and
> > noticed what I consider a security hole.  Winscp does the same thing.
> > The user can change to directories above their home.  Is there a way to
> > chroot them like you can in an ftp config file?  I don't see anything in
> > the sshd config files.  If you can't, how can I disable the scp
> > functionality?  I'm not talking about scp from the linux box.  The users
> > don't have shell access so that's not a problem.  I'm referring to
> > remote people using a scp client to access my linux machine.  You can
> > disable sftp ability by removing the sftp-server program but the scp
> > server part seems to be part of sshd.
>
> I'd be interested to know how you give scp access without
> giving shell access.






Re: on potato's proftpd

2002-03-30 Thread Ivo Timmermans

martin f krafft wrote:
> also sprach Noah Meyerhans [EMAIL PROTECTED] [2002.03.29.2332 +0100]:
> > Such a package has existed at http://people.debian.org/~ivo/ for over a
> > year.
>
> okay, but no one knows about it. why isn't it on security.debian.org
> yet???

Beats me...


Ivo

-- 
Hey, it compiles!  Ship it!





Re: on potato's proftpd

2002-03-30 Thread martin f krafft

also sprach Ivo Timmermans [EMAIL PROTECTED] [2002.03.30.0845 +0100]:
> > okay, but no one knows about it. why isn't it on security.debian.org
> > yet???
>
> Beats me...

i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
  
it would be truly surprising
 if sound were not capable of suggesting colour,
 if colours could not give the idea of the melody,
 if sound and colour were not adequate to express ideas.
 -- claude debussy

