Re: scp and sftp
The user can change to directories above their home. Is there a way to chroot them Use restricted bash shell for the user (/bin/rbash) in the /etc/passwd. This does not seem to affect sshd. I changed a user to use rbash but I could still go to a windows machine and use the putty program pscp to get a file from /etc. pscp [EMAIL PROTECTED]:/etc/passwd passwd.txt Maybe it's simply just not a feature of openssh. I think I'll investigate that chroot patch to sshd someone mentioned. I think they said it was for woody, but I'll see if it works with potato. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
re: scp and sftp
I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even they did, permission are set so they could not overwrite important files. I simply don't want them to be able to read stuff not in their own home. Files like /etc/passwd,/etc/shadow,etc. Anything with information someone could use to locally exploit the machine. But you can use pscp from a windows machine and poke around and download files from places other than your home directory. If there is another email list that this is more appropriate for, let me know. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, Apr 01, 2002 at 10:04:50AM -0300, Pedro Zorzenon Neto wrote: With the following commands, you can copy files without scp: $ cat localfile | ssh somehost cat /somedir/remotefile $ ssh somehost cat /somedir/remotefile localfile So, it seems unusefull to disable scp and enable ssh... You might want to enable ssh with /usr/bin/passwd as user's shell. Disabling scp then seems to make sense. Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote: All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get around this by using pscp to upload their own .bash_profile. Even if I fix it so I have them chroot'd on their home would not prevent this since this file is in their home. But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. Why not change the users' shell to /usr/bin/menu? Bye, Chris -- http://www.tuxedo.org/~esr/faqs/smart-questions.html __ _ -o)/ / (_)__ __ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, 2002-04-01 at 18:41, Jon McCain wrote: Chris Reeves wrote: Why not change the users' shell to /usr/bin/menu? Because they need to be able to transfer files to their home directories. If you do this, then ftp,pscp,etc won't work. My original goal was to allow them transfer files to/from home directory with something besides ftp (since they are going over the internet) but not allow them to change to directories above the home. Proftp allowed me to chroot them to the home but scp/sftp does not. Like I said in a previous post. SSH/SFTP/SCP will allow the same kind of chroot-ing proftp does, using the chroot-patch for openssh. You'll have to compile sshd yourself, and place some bins/libs in the user's homedirs (maybe hardlinks to some generic skeleton dir) Here is my ssh/chroot setup: . == chrooted users homedir: ./bin: total 660 drwxr-xr-x2 root root 4096 Mar 18 13:36 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. -r-xr-xr-x1 root root 531160 Feb 6 22:36 bash -r-xr-xr-x1 root root43916 Nov 29 13:19 ls -r-xr-xr-x1 root root16684 Nov 29 13:19 mkdir -rwxr-xr-x1 root root23960 Mar 18 13:36 more -r-xr-xr-x1 root root 9916 Jul 26 2001 pwd -r-xr-xr-x1 root root24780 Nov 29 13:19 rm lrwxrwxrwx1 root root4 Mar 30 16:29 sh - bash ./etc: total 24 drwxr-xr-x2 root root 4096 Mar 15 16:13 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. -rw-r--r--1 root root 54 Mar 15 13:23 group -rw-r--r--1 root root 428 Mar 15 15:56 hosts -rw-r--r--1 root root 44 Mar 15 15:53 passwd -rw-r--r--1 root root 52 Mar 15 13:23 shells ./lib: total 1848 drwxr-xr-x2 root root 4096 Mar 18 13:37 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. -rwxr-xr-x1 root root92511 Mar 15 12:49 ld-linux.so.2 -rwxr-xr-x1 root root 1170812 Mar 15 12:49 libc.so.6 -rw-r--r--1 root root20900 Mar 15 13:01 libcrypt.so.1 -rw-r--r--1 root root 9436 Mar 15 12:49 libdl.so.2 -rw-r--r--1 root root 248132 Mar 15 12:48 libncurses.so.5 -rw-r--r--1 root root71332 Mar 15 13:00 libnsl.so.1 -rw-r--r--1 root root34144 Mar 15 16:10 libnss_files.so.2 -rw-r--r--1 root root29420 Mar 15 12:57 libpam.so.0 -rw-r--r--1 root root 105498 Mar 15 12:51 libpthread.so.0 -rw-r--r--1 root root25596 Mar 15 12:51 librt.so.1 -rw-r--r--1 root root 7760 Mar 15 12:59 libutil.so.1 -rw-r--r--1 root root24328 Mar 15 12:57 libwrap.so.0 ./usr: total 16 drwxr-xr-x4 root root 4096 Mar 15 13:00 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. drwxr-xr-x2 root root 4096 Mar 15 15:55 bin drwxr-xr-x2 root root 4096 Mar 15 15:37 lib ./usr/bin: total 340 drwxr-xr-x2 root root 4096 Mar 15 15:55 . drwxr-xr-x4 root root 4096 Mar 15 13:00 .. -rwxr-xr-x1 root root10332 Mar 15 15:55 env -rwxr-xr-x1 root root13052 Mar 15 13:13 id -r-xr-xr-x1 root root25432 Mar 15 12:40 scp -rwxr-xr-x1 root root43768 Mar 15 15:15 sftp -r-sr-xr-x1 root root 218456 Mar 15 12:40 ssh -rwxr-xr-x1 root root 9692 Mar 15 13:17 tty ./usr/lib: total 852 drwxr-xr-x2 root root 4096 Mar 15 15:37 . drwxr-xr-x4 root root 4096 Mar 15 13:00 .. -rw-r--r--1 root root 771088 Mar 15 13:01 libcrypto.so.0.9.6 -rw-r--r--1 root root54548 Mar 15 13:00 libz.so.1 -rwxr-xr-x1 root root23096 Mar 15 15:37 sftp-server Some of these can probably be removed in your case, (i also allow some local commands, not only sftp/scp) Just make sure all these files are owned by root (or some other user) and not writable by the chrooted user. I can use vpn to let them safely use ftp over the internet. That's only way they can use ftp since the firewall blocks ftp from the internet. But that stills leaves the scp hole. Fixed :) The chroot-patch is at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes or: http://www.cag.lcs.mit.edu/~raoul/ -- Mark Janssen Unix / Linux, Open-Source and Internet Consultant SyConOS IT E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id: 357D2178 Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl] SyConOS.[com|nl] signature.asc Description: This is a digitally signed message part
Re: scp and sftp
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote: But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. A cleaner solution would be to make it immutable. (as root): chattr +i .bash_profile HTH -Rob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, 01 Apr 2002 10:35:35 -0500, Jon McCain [EMAIL PROTECTED] was runoured to have said: All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get around this by using pscp to upload their own .bash_profile. Even if I fix it so I have them chroot'd on their home would not prevent this since this file is in their home. Their shell will already be chrooted by the time .bash_profile is run, so I don't see the problem here... Unless you don't want to give them a shell at all, for some reason? But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. But they can remove and replace it with something else, since they own the parent dir. You'd have to turn on the sticky bit of their home dir and take away the ownership, e.g. ownership root.user's group and permissions 1770. This way they get a nice EPERM if they try to mess with anything they don't own in their home directory. Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? With the following commands, you can copy files without scp: $ cat localfile | ssh somehost cat /somedir/remotefile $ ssh somehost cat /somedir/remotefile localfile So, it seems unusefull to disable scp and enable ssh... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
The user can change to directories above their home. Is there a way to chroot them Use restricted bash shell for the user (/bin/rbash) in the /etc/passwd. This does not seem to affect sshd. I changed a user to use rbash but I could still go to a windows machine and use the putty program pscp to get a file from /etc. pscp [EMAIL PROTECTED]:/etc/passwd passwd.txt Maybe it's simply just not a feature of openssh. I think I'll investigate that chroot patch to sshd someone mentioned. I think they said it was for woody, but I'll see if it works with potato. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
re: scp and sftp
I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even they did, permission are set so they could not overwrite important files. I simply don't want them to be able to read stuff not in their own home. Files like /etc/passwd,/etc/shadow,etc. Anything with information someone could use to locally exploit the machine. But you can use pscp from a windows machine and poke around and download files from places other than your home directory. If there is another email list that this is more appropriate for, let me know. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, Apr 01, 2002 at 10:04:50AM -0300, Pedro Zorzenon Neto wrote: With the following commands, you can copy files without scp: $ cat localfile | ssh somehost cat /somedir/remotefile $ ssh somehost cat /somedir/remotefile localfile So, it seems unusefull to disable scp and enable ssh... You might want to enable ssh with /usr/bin/passwd as user's shell. Disabling scp then seems to make sense. Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
re: scp and sftp
All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get around this by using pscp to upload their own .bash_profile. Even if I fix it so I have them chroot'd on their home would not prevent this since this file is in their home. But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote: All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get around this by using pscp to upload their own .bash_profile. Even if I fix it so I have them chroot'd on their home would not prevent this since this file is in their home. But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. Why not change the users' shell to /usr/bin/menu? Bye, Chris -- http://www.tuxedo.org/~esr/faqs/smart-questions.html __ _ -o)/ / (_)__ __ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
Chris Reeves wrote: Why not change the users' shell to /usr/bin/menu? Because they need to be able to transfer files to their home directories. If you do this, then ftp,pscp,etc won't work. My original goal was to allow them transfer files to/from home directory with something besides ftp (since they are going over the internet) but not allow them to change to directories above the home. Proftp allowed me to chroot them to the home but scp/sftp does not. I can use vpn to let them safely use ftp over the internet. That's only way they can use ftp since the firewall blocks ftp from the internet. But that stills leaves the scp hole. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, 2002-04-01 at 18:41, Jon McCain wrote: Chris Reeves wrote: Why not change the users' shell to /usr/bin/menu? Because they need to be able to transfer files to their home directories. If you do this, then ftp,pscp,etc won't work. My original goal was to allow them transfer files to/from home directory with something besides ftp (since they are going over the internet) but not allow them to change to directories above the home. Proftp allowed me to chroot them to the home but scp/sftp does not. Like I said in a previous post. SSH/SFTP/SCP will allow the same kind of chroot-ing proftp does, using the chroot-patch for openssh. You'll have to compile sshd yourself, and place some bins/libs in the user's homedirs (maybe hardlinks to some generic skeleton dir) Here is my ssh/chroot setup: . == chrooted users homedir: ./bin: total 660 drwxr-xr-x2 root root 4096 Mar 18 13:36 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. -r-xr-xr-x1 root root 531160 Feb 6 22:36 bash -r-xr-xr-x1 root root43916 Nov 29 13:19 ls -r-xr-xr-x1 root root16684 Nov 29 13:19 mkdir -rwxr-xr-x1 root root23960 Mar 18 13:36 more -r-xr-xr-x1 root root 9916 Jul 26 2001 pwd -r-xr-xr-x1 root root24780 Nov 29 13:19 rm lrwxrwxrwx1 root root4 Mar 30 16:29 sh - bash ./etc: total 24 drwxr-xr-x2 root root 4096 Mar 15 16:13 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. -rw-r--r--1 root root 54 Mar 15 13:23 group -rw-r--r--1 root root 428 Mar 15 15:56 hosts -rw-r--r--1 root root 44 Mar 15 15:53 passwd -rw-r--r--1 root root 52 Mar 15 13:23 shells ./lib: total 1848 drwxr-xr-x2 root root 4096 Mar 18 13:37 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. -rwxr-xr-x1 root root92511 Mar 15 12:49 ld-linux.so.2 -rwxr-xr-x1 root root 1170812 Mar 15 12:49 libc.so.6 -rw-r--r--1 root root20900 Mar 15 13:01 libcrypt.so.1 -rw-r--r--1 root root 9436 Mar 15 12:49 libdl.so.2 -rw-r--r--1 root root 248132 Mar 15 12:48 libncurses.so.5 -rw-r--r--1 root root71332 Mar 15 13:00 libnsl.so.1 -rw-r--r--1 root root34144 Mar 15 16:10 libnss_files.so.2 -rw-r--r--1 root root29420 Mar 15 12:57 libpam.so.0 -rw-r--r--1 root root 105498 Mar 15 12:51 libpthread.so.0 -rw-r--r--1 root root25596 Mar 15 12:51 librt.so.1 -rw-r--r--1 root root 7760 Mar 15 12:59 libutil.so.1 -rw-r--r--1 root root24328 Mar 15 12:57 libwrap.so.0 ./usr: total 16 drwxr-xr-x4 root root 4096 Mar 15 13:00 . drwxr-xr-x8 guestguest4096 Mar 15 16:53 .. drwxr-xr-x2 root root 4096 Mar 15 15:55 bin drwxr-xr-x2 root root 4096 Mar 15 15:37 lib ./usr/bin: total 340 drwxr-xr-x2 root root 4096 Mar 15 15:55 . drwxr-xr-x4 root root 4096 Mar 15 13:00 .. -rwxr-xr-x1 root root10332 Mar 15 15:55 env -rwxr-xr-x1 root root13052 Mar 15 13:13 id -r-xr-xr-x1 root root25432 Mar 15 12:40 scp -rwxr-xr-x1 root root43768 Mar 15 15:15 sftp -r-sr-xr-x1 root root 218456 Mar 15 12:40 ssh -rwxr-xr-x1 root root 9692 Mar 15 13:17 tty ./usr/lib: total 852 drwxr-xr-x2 root root 4096 Mar 15 15:37 . drwxr-xr-x4 root root 4096 Mar 15 13:00 .. -rw-r--r--1 root root 771088 Mar 15 13:01 libcrypto.so.0.9.6 -rw-r--r--1 root root54548 Mar 15 13:00 libz.so.1 -rwxr-xr-x1 root root23096 Mar 15 15:37 sftp-server Some of these can probably be removed in your case, (i also allow some local commands, not only sftp/scp) Just make sure all these files are owned by root (or some other user) and not writable by the chrooted user. I can use vpn to let them safely use ftp over the internet. That's only way they can use ftp since the firewall blocks ftp from the internet. But that stills leaves the scp hole. Fixed :) The chroot-patch is at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes or: http://www.cag.lcs.mit.edu/~raoul/ -- Mark Janssen Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id: 357D2178 Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl] SyConOS.[com|nl] signature.asc Description: This is a digitally signed message part
Re: scp and sftp
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote: But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. A cleaner solution would be to make it immutable. (as root): chattr +i .bash_profile HTH -Rob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Mon, 01 Apr 2002 10:35:35 -0500, Jon McCain [EMAIL PROTECTED] was runoured to have said: All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get around this by using pscp to upload their own .bash_profile. Even if I fix it so I have them chroot'd on their home would not prevent this since this file is in their home. Their shell will already be chrooted by the time .bash_profile is run, so I don't see the problem here... Unless you don't want to give them a shell at all, for some reason? But changing permissions on the .bash_profile so they don't own it (and not in their group) should take care of that problem. They can read it all they want, just not change it. But they can remove and replace it with something else, since they own the parent dir. You'd have to turn on the sticky bit of their home dir and take away the ownership, e.g. ownership root.user's group and permissions 1770. This way they get a nice EPERM if they try to mess with anything they don't own in their home directory. Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
the commercial ssh server has an option to chroot to a user's home directory. there are patches available to openssh to do it also, though i don't know if they've been thoroughly audited. check out http://mail.incredimail.com/howto/openssh/ you can make sftp-server the user's shell to only allow sftp access. xn On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Sun, 2002-03-31 at 05:24, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. There is a chroot patch for SSH. You can find it in the Bug tracking system (I added it there a few weeks ago). http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes If you apply that patch to your SSHd and modify the /etc/passwd file by using the special token '/./' in the user's homedir he will be chrooted at the token. Example: joeuser:x:1099:1099:Joe Random User:/home/joe/./:/bin/bash Now joeuser will be chrooted to /home/joe This works for SSH and SCP / SFTP etc of course. Mark Janssen I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Mark Janssen Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id: 357D2178 Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl] SyConOS.[com|nl] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? I've got a debian package with the chroot patch enabled, and search this mailing list, there was some discussions about that last year. You can get my package for woody here: http://debian.home-dn.net/woody/ ssh/ Debian people question: What about making a ssh-chroot package, made of the current ssh package and just the chroot patch enabled? It will be easier to maintains systems with the need of chroot and, as it will be more used, there will be more people to really audit it! -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com msg06135/pgp0.pgp Description: PGP signature
Re: scp and sftp
I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? scp is merely a way to use a ssh shell login to up and download a file, it has the same restrictions a ssh session would have. when you login using ssh you can do cd .. too...so I don't see the security problem. I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. your users can't connect with the same l/p using ssh? that would be really weird. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? That doesn't surprise me since this is not a bug or strange feature. Greetz, Ivo van Dongen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
- Original Message - From: Jon McCain Sent: Sunday, March 31, 2002 8:54 AM The user can change to directories above their home. Is there a way to chroot them Use restricted bash shell for the user (/bin/rbash) in the /etc/passwd. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
the commercial ssh server has an option to chroot to a user's home directory. there are patches available to openssh to do it also, though i don't know if they've been thoroughly audited. check out http://mail.incredimail.com/howto/openssh/ you can make sftp-server the user's shell to only allow sftp access. xn On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Sun, 2002-03-31 at 05:24, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. There is a chroot patch for SSH. You can find it in the Bug tracking system (I added it there a few weeks ago). http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes If you apply that patch to your SSHd and modify the /etc/passwd file by using the special token '/./' in the user's homedir he will be chrooted at the token. Example: joeuser:x:1099:1099:Joe Random User:/home/joe/./:/bin/bash Now joeuser will be chrooted to /home/joe This works for SSH and SCP / SFTP etc of course. Mark Janssen I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Mark Janssen Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id: 357D2178 Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl] SyConOS.[com|nl] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? I've got a debian package with the chroot patch enabled, and search this mailing list, there was some discussions about that last year. You can get my package for woody here: http://debian.home-dn.net/woody/ ssh/ Debian people question: What about making a ssh-chroot package, made of the current ssh package and just the chroot patch enabled? It will be easier to maintains systems with the need of chroot and, as it will be more used, there will be more people to really audit it! -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com pgpHsuWMebkjt.pgp Description: PGP signature
Re: scp and sftp
I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? scp is merely a way to use a ssh shell login to up and download a file, it has the same restrictions a ssh session would have. when you login using ssh you can do cd .. too...so I don't see the security problem. I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. your users can't connect with the same l/p using ssh? that would be really weird. I did not see anything about this issue on the openssh web site. Anybody got any suggestions? That doesn't surprise me since this is not a bug or strange feature. Greetz, Ivo van Dongen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
- Original Message - From: Jon McCain Sent: Sunday, March 31, 2002 8:54 AM The user can change to directories above their home. Is there a way to chroot them Use restricted bash shell for the user (/bin/rbash) in the /etc/passwd. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
Jon McCain [EMAIL PROTECTED] cum veritate scripsit: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I'd be interested to know how you give scp access without giving shell access. regards, junichi -- [EMAIL PROTECTED] : Junichi Uekawa http://www.netfort.gr.jp/~dancer GPG Fingerprint : 17D6 120E 4455 1832 9423 7447 3059 BF92 CD37 56F4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
hi ya i'd do it with automounter w/ ssh ??? mount remote:/home/httpd/html /mnt/html scp /home/user/new_site.html /mnt/html sync umount /mnt/html mount is not needed if it is configured to auotmount and user does NOT need shell account on the remote web server you also cannot cd / on the remote pc either... if remote.foo.com is locally accessible ( 192.168.xx ) to user_pc.foo.com than its not a bigg issue... fairly simple and sorta safe?? c ya alvin On Sun, 31 Mar 2002, Junichi Uekawa wrote: Jon McCain [EMAIL PROTECTED] cum veritate scripsit: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I'd be interested to know how you give scp access without giving shell access. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
hi ya i'd do it with automounter w/ ssh ??? mount remote:/home/httpd/html /mnt/html scp /home/user/new_site.html /mnt/html sync umount /mnt/html mount is not needed if it is configured to auotmount and user does NOT need shell account on the remote web server you also cannot cd / on the remote pc either... if remote.foo.com is locally accessible ( 192.168.xx ) to user_pc.foo.com than its not a bigg issue... fairly simple and sorta safe?? c ya alvin On Sun, 31 Mar 2002, Junichi Uekawa wrote: Jon McCain [EMAIL PROTECTED] cum veritate scripsit: I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd. I'd be interested to know how you give scp access without giving shell access. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]