Re: scp and sftp

2002-04-01 Thread Jon McCain

 
  The user can change to directories above their home.
  Is there a way to chroot them
 
 Use restricted bash shell for the user (/bin/rbash) in the
 /etc/passwd.
 

This does not seem to affect sshd.  I changed a user to use rbash but I
could still go to a windows machine and use the putty program pscp to
get a file from /etc.   

pscp [EMAIL PROTECTED]:/etc/passwd passwd.txt


Maybe it's simply just not a feature of openssh. I think I'll
investigate that chroot patch to sshd someone mentioned.  I think they
said it was for woody, but I'll see if it works with potato.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




re: scp and sftp

2002-04-01 Thread Jon McCain

I think some of you misunderstood me.  I was not clear about my
concern.  Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do.  Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there.  And
even they did, permission are set so they could not overwrite important
files.  I simply don't want them to be able to read stuff not in their
own home.  Files like /etc/passwd,/etc/shadow,etc. Anything with
information someone could use to locally exploit the machine.  But you
can use pscp from a windows machine and poke around and download files
from places other than your home directory.

If there is another email list that this is more appropriate for, let me
know.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-04-01 Thread Marcin Owsiany

On Mon, Apr 01, 2002 at 10:04:50AM -0300, Pedro Zorzenon Neto wrote:
 With the following commands, you can copy files without scp:
 
   $ cat localfile | ssh somehost cat  /somedir/remotefile
   $ ssh somehost cat /somedir/remotefile  localfile
 
 So, it seems unusefull to disable scp and enable ssh...

You might want to enable ssh with /usr/bin/passwd as user's shell.
Disabling scp then seems to make sense.

Marcin
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-04-01 Thread Chris Reeves

On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote:
 All of this has gotten me to thinking about another flaw in the way I
 have things set up.  I'm preventing users from getting to a $ by running
 a menu from their profile.
 
 exec /usr/bin/menu
 
 This works fine since the exec causes menu to become their shell
 process.
 
 But some smart user could get around this by using pscp to upload their
 own .bash_profile.  Even if I fix it so I have them chroot'd on their
 home would not prevent this since this file is in their home.
 
 But changing permissions on the .bash_profile so they don't own it (and
 not in their group) should take care of that problem.  They can read it
 all they want, just not change it.

Why not change the users' shell to /usr/bin/menu? 

Bye,
Chris
-- 
http://www.tuxedo.org/~esr/faqs/smart-questions.html
  __   _
  -o)/ /  (_)__  __   __  Chris Reeves
  /\\ /__/ / _ \/ // /\ \/ /  ICQ# 22219005
 _\_v __/_/_//_/\_,_/ /_/\_\


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-04-01 Thread Mark Janssen

On Mon, 2002-04-01 at 18:41, Jon McCain wrote:
 Chris Reeves wrote:
  
  Why not change the users' shell to /usr/bin/menu?
  
 
 Because they need to be able to transfer files to their home
 directories.  If you do this, then ftp,pscp,etc won't work.  My original
 goal was to allow them transfer files to/from home directory with
 something besides ftp (since they are going over the internet) but not
 allow them to change to directories above the home.  Proftp allowed me
 to chroot them to the home but scp/sftp does not.

Like I said in a previous post. SSH/SFTP/SCP will allow the same kind of
chroot-ing proftp does, using the chroot-patch for openssh. You'll have
to compile sshd yourself, and place some bins/libs in the user's
homedirs (maybe hardlinks to some generic skeleton dir)

Here is my ssh/chroot setup:

. == chrooted users homedir:

./bin:
total 660
drwxr-xr-x2 root root 4096 Mar 18 13:36 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
-r-xr-xr-x1 root root   531160 Feb  6 22:36 bash
-r-xr-xr-x1 root root43916 Nov 29 13:19 ls
-r-xr-xr-x1 root root16684 Nov 29 13:19 mkdir
-rwxr-xr-x1 root root23960 Mar 18 13:36 more
-r-xr-xr-x1 root root 9916 Jul 26  2001 pwd
-r-xr-xr-x1 root root24780 Nov 29 13:19 rm
lrwxrwxrwx1 root root4 Mar 30 16:29 sh - bash

./etc:
total 24
drwxr-xr-x2 root root 4096 Mar 15 16:13 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
-rw-r--r--1 root root   54 Mar 15 13:23 group
-rw-r--r--1 root root  428 Mar 15 15:56 hosts
-rw-r--r--1 root root   44 Mar 15 15:53 passwd
-rw-r--r--1 root root   52 Mar 15 13:23 shells

./lib:
total 1848
drwxr-xr-x2 root root 4096 Mar 18 13:37 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
-rwxr-xr-x1 root root92511 Mar 15 12:49 ld-linux.so.2
-rwxr-xr-x1 root root  1170812 Mar 15 12:49 libc.so.6
-rw-r--r--1 root root20900 Mar 15 13:01 libcrypt.so.1
-rw-r--r--1 root root 9436 Mar 15 12:49 libdl.so.2
-rw-r--r--1 root root   248132 Mar 15 12:48 libncurses.so.5
-rw-r--r--1 root root71332 Mar 15 13:00 libnsl.so.1
-rw-r--r--1 root root34144 Mar 15 16:10
libnss_files.so.2
-rw-r--r--1 root root29420 Mar 15 12:57 libpam.so.0
-rw-r--r--1 root root   105498 Mar 15 12:51 libpthread.so.0
-rw-r--r--1 root root25596 Mar 15 12:51 librt.so.1
-rw-r--r--1 root root 7760 Mar 15 12:59 libutil.so.1
-rw-r--r--1 root root24328 Mar 15 12:57 libwrap.so.0

./usr:
total 16
drwxr-xr-x4 root root 4096 Mar 15 13:00 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
drwxr-xr-x2 root root 4096 Mar 15 15:55 bin
drwxr-xr-x2 root root 4096 Mar 15 15:37 lib

./usr/bin:
total 340
drwxr-xr-x2 root root 4096 Mar 15 15:55 .
drwxr-xr-x4 root root 4096 Mar 15 13:00 ..
-rwxr-xr-x1 root root10332 Mar 15 15:55 env
-rwxr-xr-x1 root root13052 Mar 15 13:13 id
-r-xr-xr-x1 root root25432 Mar 15 12:40 scp
-rwxr-xr-x1 root root43768 Mar 15 15:15 sftp
-r-sr-xr-x1 root root   218456 Mar 15 12:40 ssh
-rwxr-xr-x1 root root 9692 Mar 15 13:17 tty

./usr/lib:
total 852
drwxr-xr-x2 root root 4096 Mar 15 15:37 .
drwxr-xr-x4 root root 4096 Mar 15 13:00 ..
-rw-r--r--1 root root   771088 Mar 15 13:01
libcrypto.so.0.9.6
-rw-r--r--1 root root54548 Mar 15 13:00 libz.so.1
-rwxr-xr-x1 root root23096 Mar 15 15:37 sftp-server

Some of these can probably be removed in your case, (i also allow some
local commands, not only sftp/scp)

Just make sure all these files are owned by root (or some other user)
and not writable by the chrooted user.

 I can use vpn to let them safely use ftp over the internet.  That's only
 way they can use ftp since the firewall blocks ftp from the internet. 
 But that stills leaves the scp hole.

Fixed :)

The chroot-patch is at: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes
or:
http://www.cag.lcs.mit.edu/~raoul/


-- 
Mark Janssen Unix / Linux, Open-Source and Internet Consultant 
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id:
357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]



signature.asc
Description: This is a digitally signed message part


Re: scp and sftp

2002-04-01 Thread Rob VanFleet

On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote:
 But changing permissions on the .bash_profile so they don't own it (and
 not in their group) should take care of that problem.  They can read it
 all they want, just not change it.

A cleaner solution would be to make it immutable.

(as root): chattr +i .bash_profile

HTH

-Rob


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-04-01 Thread Stelios Bounanos

  On Mon, 01 Apr 2002 10:35:35 -0500, Jon McCain
  [EMAIL PROTECTED] was runoured to have said:

  All of this has gotten me to thinking about another flaw in the way I
  have things set up.  I'm preventing users from getting to a $ by running
  a menu from their profile.

  exec /usr/bin/menu

  This works fine since the exec causes menu to become their shell
  process.

  But some smart user could get around this by using pscp to upload their
  own .bash_profile.  Even if I fix it so I have them chroot'd on their
  home would not prevent this since this file is in their home.

Their shell will already be chrooted by the time .bash_profile is run, so I
don't see the problem here... Unless you don't want to give them a shell
at all, for some reason?

  But changing permissions on the .bash_profile so they don't own it (and
  not in their group) should take care of that problem.  They can read it
  all they want, just not change it.

But they can remove and replace it with something else, since they own
the parent dir. You'd have to turn on the sticky bit of their home
dir and take away the ownership, e.g. ownership root.user's group
and permissions 1770. This way they get a nice EPERM if they try to
mess with anything they don't own in their home directory.


Rgds,
/-sb.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-04-01 Thread Pedro Zorzenon Neto
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?

With the following commands, you can copy files without scp:

  $ cat localfile | ssh somehost cat  /somedir/remotefile
  $ ssh somehost cat /somedir/remotefile  localfile

So, it seems unusefull to disable scp and enable ssh...


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-04-01 Thread Jon McCain
 
  The user can change to directories above their home.
  Is there a way to chroot them
 
 Use restricted bash shell for the user (/bin/rbash) in the
 /etc/passwd.
 

This does not seem to affect sshd.  I changed a user to use rbash but I
could still go to a windows machine and use the putty program pscp to
get a file from /etc.   

pscp [EMAIL PROTECTED]:/etc/passwd passwd.txt


Maybe it's simply just not a feature of openssh. I think I'll
investigate that chroot patch to sshd someone mentioned.  I think they
said it was for woody, but I'll see if it works with potato.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



re: scp and sftp

2002-04-01 Thread Jon McCain
I think some of you misunderstood me.  I was not clear about my
concern.  Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do.  Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there.  And
even they did, permission are set so they could not overwrite important
files.  I simply don't want them to be able to read stuff not in their
own home.  Files like /etc/passwd,/etc/shadow,etc. Anything with
information someone could use to locally exploit the machine.  But you
can use pscp from a windows machine and poke around and download files
from places other than your home directory.

If there is another email list that this is more appropriate for, let me
know.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-04-01 Thread Marcin Owsiany
On Mon, Apr 01, 2002 at 10:04:50AM -0300, Pedro Zorzenon Neto wrote:
 With the following commands, you can copy files without scp:
 
   $ cat localfile | ssh somehost cat  /somedir/remotefile
   $ ssh somehost cat /somedir/remotefile  localfile
 
 So, it seems unusefull to disable scp and enable ssh...

You might want to enable ssh with /usr/bin/passwd as user's shell.
Disabling scp then seems to make sense.

Marcin
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



re: scp and sftp

2002-04-01 Thread Jon McCain
All of this has gotten me to thinking about another flaw in the way I
have things set up.  I'm preventing users from getting to a $ by running
a menu from their profile.

exec /usr/bin/menu

This works fine since the exec causes menu to become their shell
process.

But some smart user could get around this by using pscp to upload their
own .bash_profile.  Even if I fix it so I have them chroot'd on their
home would not prevent this since this file is in their home.

But changing permissions on the .bash_profile so they don't own it (and
not in their group) should take care of that problem.  They can read it
all they want, just not change it.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-04-01 Thread Chris Reeves
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote:
 All of this has gotten me to thinking about another flaw in the way I
 have things set up.  I'm preventing users from getting to a $ by running
 a menu from their profile.
 
 exec /usr/bin/menu
 
 This works fine since the exec causes menu to become their shell
 process.
 
 But some smart user could get around this by using pscp to upload their
 own .bash_profile.  Even if I fix it so I have them chroot'd on their
 home would not prevent this since this file is in their home.
 
 But changing permissions on the .bash_profile so they don't own it (and
 not in their group) should take care of that problem.  They can read it
 all they want, just not change it.

Why not change the users' shell to /usr/bin/menu? 

Bye,
Chris
-- 
http://www.tuxedo.org/~esr/faqs/smart-questions.html
  __   _
  -o)/ /  (_)__  __   __  Chris Reeves
  /\\ /__/ / _ \/ // /\ \/ /  ICQ# 22219005
 _\_v __/_/_//_/\_,_/ /_/\_\


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-04-01 Thread Jon McCain
Chris Reeves wrote:
 
 Why not change the users' shell to /usr/bin/menu?
 

Because they need to be able to transfer files to their home
directories.  If you do this, then ftp,pscp,etc won't work.  My original
goal was to allow them transfer files to/from home directory with
something besides ftp (since they are going over the internet) but not
allow them to change to directories above the home.  Proftp allowed me
to chroot them to the home but scp/sftp does not.

I can use vpn to let them safely use ftp over the internet.  That's only
way they can use ftp since the firewall blocks ftp from the internet. 
But that stills leaves the scp hole.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-04-01 Thread Mark Janssen
On Mon, 2002-04-01 at 18:41, Jon McCain wrote:
 Chris Reeves wrote:
  
  Why not change the users' shell to /usr/bin/menu?
  
 
 Because they need to be able to transfer files to their home
 directories.  If you do this, then ftp,pscp,etc won't work.  My original
 goal was to allow them transfer files to/from home directory with
 something besides ftp (since they are going over the internet) but not
 allow them to change to directories above the home.  Proftp allowed me
 to chroot them to the home but scp/sftp does not.

Like I said in a previous post. SSH/SFTP/SCP will allow the same kind of
chroot-ing proftp does, using the chroot-patch for openssh. You'll have
to compile sshd yourself, and place some bins/libs in the user's
homedirs (maybe hardlinks to some generic skeleton dir)

Here is my ssh/chroot setup:

. == chrooted users homedir:

./bin:
total 660
drwxr-xr-x2 root root 4096 Mar 18 13:36 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
-r-xr-xr-x1 root root   531160 Feb  6 22:36 bash
-r-xr-xr-x1 root root43916 Nov 29 13:19 ls
-r-xr-xr-x1 root root16684 Nov 29 13:19 mkdir
-rwxr-xr-x1 root root23960 Mar 18 13:36 more
-r-xr-xr-x1 root root 9916 Jul 26  2001 pwd
-r-xr-xr-x1 root root24780 Nov 29 13:19 rm
lrwxrwxrwx1 root root4 Mar 30 16:29 sh - bash

./etc:
total 24
drwxr-xr-x2 root root 4096 Mar 15 16:13 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
-rw-r--r--1 root root   54 Mar 15 13:23 group
-rw-r--r--1 root root  428 Mar 15 15:56 hosts
-rw-r--r--1 root root   44 Mar 15 15:53 passwd
-rw-r--r--1 root root   52 Mar 15 13:23 shells

./lib:
total 1848
drwxr-xr-x2 root root 4096 Mar 18 13:37 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
-rwxr-xr-x1 root root92511 Mar 15 12:49 ld-linux.so.2
-rwxr-xr-x1 root root  1170812 Mar 15 12:49 libc.so.6
-rw-r--r--1 root root20900 Mar 15 13:01 libcrypt.so.1
-rw-r--r--1 root root 9436 Mar 15 12:49 libdl.so.2
-rw-r--r--1 root root   248132 Mar 15 12:48 libncurses.so.5
-rw-r--r--1 root root71332 Mar 15 13:00 libnsl.so.1
-rw-r--r--1 root root34144 Mar 15 16:10
libnss_files.so.2
-rw-r--r--1 root root29420 Mar 15 12:57 libpam.so.0
-rw-r--r--1 root root   105498 Mar 15 12:51 libpthread.so.0
-rw-r--r--1 root root25596 Mar 15 12:51 librt.so.1
-rw-r--r--1 root root 7760 Mar 15 12:59 libutil.so.1
-rw-r--r--1 root root24328 Mar 15 12:57 libwrap.so.0

./usr:
total 16
drwxr-xr-x4 root root 4096 Mar 15 13:00 .
drwxr-xr-x8 guestguest4096 Mar 15 16:53 ..
drwxr-xr-x2 root root 4096 Mar 15 15:55 bin
drwxr-xr-x2 root root 4096 Mar 15 15:37 lib

./usr/bin:
total 340
drwxr-xr-x2 root root 4096 Mar 15 15:55 .
drwxr-xr-x4 root root 4096 Mar 15 13:00 ..
-rwxr-xr-x1 root root10332 Mar 15 15:55 env
-rwxr-xr-x1 root root13052 Mar 15 13:13 id
-r-xr-xr-x1 root root25432 Mar 15 12:40 scp
-rwxr-xr-x1 root root43768 Mar 15 15:15 sftp
-r-sr-xr-x1 root root   218456 Mar 15 12:40 ssh
-rwxr-xr-x1 root root 9692 Mar 15 13:17 tty

./usr/lib:
total 852
drwxr-xr-x2 root root 4096 Mar 15 15:37 .
drwxr-xr-x4 root root 4096 Mar 15 13:00 ..
-rw-r--r--1 root root   771088 Mar 15 13:01
libcrypto.so.0.9.6
-rw-r--r--1 root root54548 Mar 15 13:00 libz.so.1
-rwxr-xr-x1 root root23096 Mar 15 15:37 sftp-server

Some of these can probably be removed in your case, (i also allow some
local commands, not only sftp/scp)

Just make sure all these files are owned by root (or some other user)
and not writable by the chrooted user.

 I can use vpn to let them safely use ftp over the internet.  That's only
 way they can use ftp since the firewall blocks ftp from the internet. 
 But that stills leaves the scp hole.

Fixed :)

The chroot-patch is at: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes
or:
http://www.cag.lcs.mit.edu/~raoul/


-- 
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id:
357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]


signature.asc
Description: This is a digitally signed message part


Re: scp and sftp

2002-04-01 Thread Rob VanFleet
On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote:
 But changing permissions on the .bash_profile so they don't own it (and
 not in their group) should take care of that problem.  They can read it
 all they want, just not change it.

A cleaner solution would be to make it immutable.

(as root): chattr +i .bash_profile

HTH

-Rob


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-04-01 Thread Stelios Bounanos
  On Mon, 01 Apr 2002 10:35:35 -0500, Jon McCain
  [EMAIL PROTECTED] was runoured to have said:

  All of this has gotten me to thinking about another flaw in the way I
  have things set up.  I'm preventing users from getting to a $ by running
  a menu from their profile.

  exec /usr/bin/menu

  This works fine since the exec causes menu to become their shell
  process.

  But some smart user could get around this by using pscp to upload their
  own .bash_profile.  Even if I fix it so I have them chroot'd on their
  home would not prevent this since this file is in their home.

Their shell will already be chrooted by the time .bash_profile is run, so I
don't see the problem here... Unless you don't want to give them a shell
at all, for some reason?

  But changing permissions on the .bash_profile so they don't own it (and
  not in their group) should take care of that problem.  They can read it
  all they want, just not change it.

But they can remove and replace it with something else, since they own
the parent dir. You'd have to turn on the sticky bit of their home
dir and take away the ownership, e.g. ownership root.user's group
and permissions 1770. This way they get a nice EPERM if they try to
mess with anything they don't own in their home directory.


Rgds,
/-sb.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-03-31 Thread Christian G. Warden

the commercial ssh server has an option to chroot to a user's home
directory.  there are patches available to openssh to do it also,
though i don't know if they've been thoroughly audited.  check out
http://mail.incredimail.com/howto/openssh/
you can make sftp-server the user's shell to only allow sftp access.

xn

On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-03-31 Thread Mark Janssen

On Sun, 2002-03-31 at 05:24, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.

There is a chroot patch for SSH. You can find it in the Bug tracking
system (I added it there a few weeks ago).
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes

If you apply that patch to your SSHd and modify the /etc/passwd file by
using the special token '/./' in the user's homedir he will be chrooted
at the token.

Example:

joeuser:x:1099:1099:Joe Random User:/home/joe/./:/bin/bash

Now joeuser will be chrooted to /home/joe

This works for SSH and SCP / SFTP etc of course.

Mark Janssen



 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 
-- 
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id:
357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-03-31 Thread Emmanuel Lacour

On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
 

I've got a debian package with the chroot patch enabled, and search this
mailing list, there was some discussions about that last year.

You can get my package for woody here:

http://debian.home-dn.net/woody/ ssh/

Debian people question:

What about making a ssh-chroot package, made of the current ssh package
and just the chroot patch enabled? It will be easier to maintains systems
with the need of chroot and, as it will be more used, there will be more
people to really audit it!


-- 
Easter-eggsSpécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED]   -http://www.easter-eggs.com



msg06135/pgp0.pgp
Description: PGP signature


Re: scp and sftp

2002-03-31 Thread vdongen

 I've been playing around with the scp and sftp components of putty
 and
 noticed what I consider a security hole.  Winscp does the same thing.
 The user can change to directories above their home.  Is there a way
 to
 chroot them like you can in an ftp config file?
scp is merely a way to use a ssh shell login to up and download a file, 
it has the same restrictions a ssh session would have.
when you login using ssh you can do cd .. too...so I don't see 
the security problem.
  I don't see anything
 in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The
 users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
your users can't connect with the same l/p using ssh? that would be 
really weird.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
That doesn't surprise me since this is not a bug or strange feature.

Greetz,

Ivo van Dongen



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-03-31 Thread ambarish pathak

- Original Message -
From: Jon McCain
Sent: Sunday, March 31, 2002 8:54 AM


 The user can change to directories above their home.
 Is there a way to chroot them

Use restricted bash shell for the user (/bin/rbash) in the
/etc/passwd.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-03-31 Thread Christian G. Warden
the commercial ssh server has an option to chroot to a user's home
directory.  there are patches available to openssh to do it also,
though i don't know if they've been thoroughly audited.  check out
http://mail.incredimail.com/howto/openssh/
you can make sftp-server the user's shell to only allow sftp access.

xn

On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-03-31 Thread Mark Janssen
On Sun, 2002-03-31 at 05:24, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.

There is a chroot patch for SSH. You can find it in the Bug tracking
system (I added it there a few weeks ago).
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139047repeatmerged=yes

If you apply that patch to your SSHd and modify the /etc/passwd file by
using the special token '/./' in the user's homedir he will be chrooted
at the token.

Example:

joeuser:x:1099:1099:Joe Random User:/home/joe/./:/bin/bash

Now joeuser will be chrooted to /home/joe

This works for SSH and SCP / SFTP etc of course.

Mark Janssen



 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 
-- 
Mark Janssen Unix / Linux, Open-Source and Internet Consultant @
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl GnuPG Key Id:
357D2178
Web: Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-03-31 Thread Emmanuel Lacour
On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
 

I've got a debian package with the chroot patch enabled, and search this
mailing list, there was some discussions about that last year.

You can get my package for woody here:

http://debian.home-dn.net/woody/ ssh/

Debian people question:

What about making a ssh-chroot package, made of the current ssh package
and just the chroot patch enabled? It will be easier to maintains systems
with the need of chroot and, as it will be more used, there will be more
people to really audit it!


-- 
Easter-eggsSpécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED]   -http://www.easter-eggs.com


pgpHsuWMebkjt.pgp
Description: PGP signature


Re: scp and sftp

2002-03-31 Thread vdongen
 I've been playing around with the scp and sftp components of putty
 and
 noticed what I consider a security hole.  Winscp does the same thing.
 The user can change to directories above their home.  Is there a way
 to
 chroot them like you can in an ftp config file?
scp is merely a way to use a ssh shell login to up and download a file, 
it has the same restrictions a ssh session would have.
when you login using ssh you can do cd .. too...so I don't see 
the security problem.
  I don't see anything
 in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The
 users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.
your users can't connect with the same l/p using ssh? that would be 
really weird.
 
 I did not see anything about this issue on the openssh web site. 
 Anybody got any suggestions?
That doesn't surprise me since this is not a bug or strange feature.

Greetz,

Ivo van Dongen



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-03-31 Thread ambarish pathak
- Original Message -
From: Jon McCain
Sent: Sunday, March 31, 2002 8:54 AM


 The user can change to directories above their home.
 Is there a way to chroot them

Use restricted bash shell for the user (/bin/rbash) in the
/etc/passwd.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-03-30 Thread Junichi Uekawa

Jon McCain [EMAIL PROTECTED] cum veritate scripsit:

 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.

I'd be interested to know how you give scp access without 
giving shell access.




regards,
junichi

-- 
[EMAIL PROTECTED] : Junichi Uekawa   http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423  7447 3059 BF92 CD37 56F4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-03-30 Thread Alvin Oga


hi ya

i'd do it with automounter w/ ssh ???

mount  remote:/home/httpd/html /mnt/html
scp /home/user/new_site.html  /mnt/html
sync
umount /mnt/html

mount is not needed if it is configured to auotmount
and user does NOT need shell account on the remote web server

you also cannot cd /  on the remote pc either...


if remote.foo.com is locally accessible ( 192.168.xx ) to
user_pc.foo.com than its not a bigg issue... fairly simple 
and sorta safe??

c ya
alvin


On Sun, 31 Mar 2002, Junichi Uekawa wrote:

 Jon McCain [EMAIL PROTECTED] cum veritate scripsit:
 
  I've been playing around with the scp and sftp components of putty and
  noticed what I consider a security hole.  Winscp does the same thing. 
  The user can change to directories above their home.  Is there a way to
  chroot them like you can in an ftp config file?  I don't see anything in
  the sshd config files.  If you can't, how can I disable the scp
  functionality?  I'm not talking about scp from the linux box.  The users
  don't have shell access so that's not a problem.  I'm referring to
  remote people using a scp client to access my linux machine.  You can
  disable sftp ability by removing the sftp-server program but the scp
  server part seems to be part of sshd.
 
 I'd be interested to know how you give scp access without 
 giving shell access.
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: scp and sftp

2002-03-30 Thread Junichi Uekawa
Jon McCain [EMAIL PROTECTED] cum veritate scripsit:

 I've been playing around with the scp and sftp components of putty and
 noticed what I consider a security hole.  Winscp does the same thing. 
 The user can change to directories above their home.  Is there a way to
 chroot them like you can in an ftp config file?  I don't see anything in
 the sshd config files.  If you can't, how can I disable the scp
 functionality?  I'm not talking about scp from the linux box.  The users
 don't have shell access so that's not a problem.  I'm referring to
 remote people using a scp client to access my linux machine.  You can
 disable sftp ability by removing the sftp-server program but the scp
 server part seems to be part of sshd.

I'd be interested to know how you give scp access without 
giving shell access.




regards,
junichi

-- 
[EMAIL PROTECTED] : Junichi Uekawa   http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423  7447 3059 BF92 CD37 56F4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: scp and sftp

2002-03-30 Thread Alvin Oga

hi ya

i'd do it with automounter w/ ssh ???

mount  remote:/home/httpd/html /mnt/html
scp /home/user/new_site.html  /mnt/html
sync
umount /mnt/html

mount is not needed if it is configured to auotmount
and user does NOT need shell account on the remote web server

you also cannot cd /  on the remote pc either...


if remote.foo.com is locally accessible ( 192.168.xx ) to
user_pc.foo.com than its not a bigg issue... fairly simple 
and sorta safe??

c ya
alvin


On Sun, 31 Mar 2002, Junichi Uekawa wrote:

 Jon McCain [EMAIL PROTECTED] cum veritate scripsit:
 
  I've been playing around with the scp and sftp components of putty and
  noticed what I consider a security hole.  Winscp does the same thing. 
  The user can change to directories above their home.  Is there a way to
  chroot them like you can in an ftp config file?  I don't see anything in
  the sshd config files.  If you can't, how can I disable the scp
  functionality?  I'm not talking about scp from the linux box.  The users
  don't have shell access so that's not a problem.  I'm referring to
  remote people using a scp client to access my linux machine.  You can
  disable sftp ability by removing the sftp-server program but the scp
  server part seems to be part of sshd.
 
 I'd be interested to know how you give scp access without 
 giving shell access.
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]