Re: Kernel 2.4 SOS

2001-06-13 Thread Jon McCain
Craig wrote: Good day ladies and fellas I have potato installed on a box that will be a proxy and firewall. I needed to have the facility of port forwarding so I was told to install kernel 2.4. Does kernel 2.4 have some special feature of port forwarding that the 2.2.x kernels don't

scp and sftp

2002-03-30 Thread Jon McCain
I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd

re: scp and ftp

2002-04-01 Thread Jon McCain
I'm not sure if this message made it through. Our ISP was having problems this morning. Sorry if you get this message twice. I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them

Re: scp and sftp

2002-04-01 Thread Jon McCain
The user can change to directories above their home. Is there a way to chroot them Use restricted bash shell for the user (/bin/rbash) in the /etc/passwd. This does not seem to affect sshd. I changed a user to use rbash but I could still go to a windows machine and use the putty

re: scp and sftp

2002-04-01 Thread Jon McCain
I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even if they did,

re: scp and sftp

2002-04-01 Thread Jon McCain
All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get

Re: scp and sftp

2002-04-01 Thread Jon McCain
Chris Reeves wrote: Why not change the users' shell to /usr/bin/menu? Because they need to be able to transfer files to their home directories. If you do this, then ftp,pscp,etc won't work. My original goal was to allow them transfer files to/from home directory with something besides ftp

Re: secure file transfer

2002-06-04 Thread Jon McCain
to a $ prompt. You also have to define your menu script as a shell (/etc/shell) so regular ftp will still work. -- Jon McCain Email: [EMAIL PROTECTED] Sr. Programmer

Re: secure file transfer

2002-06-05 Thread Jon McCain
/mysql:/bin/false You don't want to sacrifice security for convenience. Jon McCain Email: [EMAIL PROTECTED] Sr. Programmer Voice: 912-355-3213