Re: on potato's proftpd
also sprach Ivo Timmermans <[EMAIL PROTECTED]> [2002.03.30.0845 +0100]: > > okay, but noone knows about it. why isn't it on security.debian.org > > yet??? > > Beats me... i don't get it. will someone please push this package ivo made as an NMU into security.debian.org ASAP? i'd do it myself, but i am still waiting for DAM approval... -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck "it would be truly surprising if sound were not capable of suggesting colour, if colours could not give the idea of the melody, if sound and colour were not adequate to express ideas." -- claude debussy msg06127/pgp0.pgp Description: PGP signature
scp and sftp
I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
Jon McCain <[EMAIL PROTECTED]> cum veritate scripsit: > I've been playing around with the scp and sftp components of putty and > noticed what I consider a security hole. Winscp does the same thing. > The user can change to directories above their home. Is there a way to > chroot them like you can in an ftp config file? I don't see anything in > the sshd config files. If you can't, how can I disable the scp > functionality? I'm not talking about scp from the linux box. The users > don't have shell access so that's not a problem. I'm referring to > remote people using a scp client to access my linux machine. You can > disable sftp ability by removing the sftp-server program but the scp > server part seems to be part of sshd. I'd be interested to know how you give scp access without giving shell access. regards, junichi -- [EMAIL PROTECTED] : Junichi Uekawa http://www.netfort.gr.jp/~dancer GPG Fingerprint : 17D6 120E 4455 1832 9423 7447 3059 BF92 CD37 56F4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
hi ya i'd do it with automounter w/ ssh ??? mount remote:/home/httpd/html /mnt/html scp /home/user/new_site.html /mnt/html sync umount /mnt/html mount is not needed if it is configured to auotmount and does NOT need shell account on the remote web server you also cannot cd / on the remote pc either... if remote.foo.com is locally accessible ( 192.168.xx ) to user_pc.foo.com than its not a bigg issue... fairly simple and sorta safe?? c ya alvin On Sun, 31 Mar 2002, Junichi Uekawa wrote: > Jon McCain <[EMAIL PROTECTED]> cum veritate scripsit: > > > I've been playing around with the scp and sftp components of putty and > > noticed what I consider a security hole. Winscp does the same thing. > > The user can change to directories above their home. Is there a way to > > chroot them like you can in an ftp config file? I don't see anything in > > the sshd config files. If you can't, how can I disable the scp > > functionality? I'm not talking about scp from the linux box. The users > > don't have shell access so that's not a problem. I'm referring to > > remote people using a scp client to access my linux machine. You can > > disable sftp ability by removing the sftp-server program but the scp > > server part seems to be part of sshd. > > I'd be interested to know how you give scp access without > giving shell access. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: on potato's proftpd
martin f krafft wrote: > also sprach Noah Meyerhans <[EMAIL PROTECTED]> [2002.03.29.2332 +0100]: > > Such a package has existed at http://people.debian.org/~ivo/ for over a > > year. > > okay, but noone knows about it. why isn't it on security.debian.org > yet??? Beats me... Ivo -- Hey, it compiles! Ship it! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: on potato's proftpd
also sprach Ivo Timmermans <[EMAIL PROTECTED]> [2002.03.30.0845 +0100]: > > okay, but noone knows about it. why isn't it on security.debian.org > > yet??? > > Beats me... i don't get it. will someone please push this package ivo made as an NMU into security.debian.org ASAP? i'd do it myself, but i am still waiting for DAM approval... -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] "it would be truly surprising if sound were not capable of suggesting colour, if colours could not give the idea of the melody, if sound and colour were not adequate to express ideas." -- claude debussy pgp0lYkJCFcZl.pgp Description: PGP signature
scp and sftp
I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
Jon McCain <[EMAIL PROTECTED]> cum veritate scripsit: > I've been playing around with the scp and sftp components of putty and > noticed what I consider a security hole. Winscp does the same thing. > The user can change to directories above their home. Is there a way to > chroot them like you can in an ftp config file? I don't see anything in > the sshd config files. If you can't, how can I disable the scp > functionality? I'm not talking about scp from the linux box. The users > don't have shell access so that's not a problem. I'm referring to > remote people using a scp client to access my linux machine. You can > disable sftp ability by removing the sftp-server program but the scp > server part seems to be part of sshd. I'd be interested to know how you give scp access without giving shell access. regards, junichi -- [EMAIL PROTECTED] : Junichi Uekawa http://www.netfort.gr.jp/~dancer GPG Fingerprint : 17D6 120E 4455 1832 9423 7447 3059 BF92 CD37 56F4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
hi ya i'd do it with automounter w/ ssh ??? mount remote:/home/httpd/html /mnt/html scp /home/user/new_site.html /mnt/html sync umount /mnt/html mount is not needed if it is configured to auotmount and does NOT need shell account on the remote web server you also cannot cd / on the remote pc either... if remote.foo.com is locally accessible ( 192.168.xx ) to user_pc.foo.com than its not a bigg issue... fairly simple and sorta safe?? c ya alvin On Sun, 31 Mar 2002, Junichi Uekawa wrote: > Jon McCain <[EMAIL PROTECTED]> cum veritate scripsit: > > > I've been playing around with the scp and sftp components of putty and > > noticed what I consider a security hole. Winscp does the same thing. > > The user can change to directories above their home. Is there a way to > > chroot them like you can in an ftp config file? I don't see anything in > > the sshd config files. If you can't, how can I disable the scp > > functionality? I'm not talking about scp from the linux box. The users > > don't have shell access so that's not a problem. I'm referring to > > remote people using a scp client to access my linux machine. You can > > disable sftp ability by removing the sftp-server program but the scp > > server part seems to be part of sshd. > > I'd be interested to know how you give scp access without > giving shell access. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]