On 21 Jul 1999, in message <[EMAIL PROTECTED]>
  Guan Sin Ong <[EMAIL PROTECTED]> wrote:
| We have set up a remote server at the other corner of the Net to allow
| our staff log into the machine using ssh, set up a tunnel, and then
| forward all their connections through the tunnel securely. We do not
| want to allow login shell access to the system. So basically what we do
| is to have a dummy shell for each of the logins. The dummy shell is
| simply a program doing nothing other than sleep() system call for many
| many seconds. That way logging in is fine but no access to the system.
| Would appreciate if anyone can point out any security concerns with such
| setup. I am especially concerned if there are ways to break out of the
| dummy shell (in which case I assume the ssh connection will be dropped)
| or anything I don't know to compromise it.

If your dummy shell is literally a sleep() C program, they should not
be able to compromise the dummy shell itself. (BTW, a much better thing
is to just call pause() - sleep() is a pause/alarm mix, and pause is
what you really want).

You should secure this kind of thing by
        - having the authorized_keys and .ssh dir owned not by the user,
          but by root; thus even if they get access they can't further
          compromise the ssh setup (of course, if they get access they
          may do other damage or see other things)

Try to make sure that the forwarded ports are localhost only.
One of my fears with the ssh access we give people is that a forwarded
port is essentially a free-for-all hole in our firewall, providing direct
access to whatever service it supplies from the remote host, for anyone.
So: anyone can hack your POP server if you forward that for email, and
often POP servers live off the real password file of the serving machine,
so an attacker can use the forwarded port to try login/password pairs, etc.

And so forth for other forwarded services.
--
Cameron Simpson, DoD#743        [EMAIL PROTECTED]    http://www.zip.com.au/~cs/

They live on their nerves, and nerves were given to a man as an investment,
not as a current account.       - Frank S. Smythe, in The Mountain Vision,
                                  writing about climbers that continually
                                  push the edge........
