Date: Sat, 9 Dec 2000 23:25:59 -0800
From: "Crist J. Clark"
To: "Nicolai L. Brown"
Cc: Nicolas, freebsd-questions@FreeBSD.ORG
Subject: Re: scp only
Message-ID: <20001209232558.J96105@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu

On Sun, Dec 10, 2000 at 12:50:26AM -0600, Nicolai L. Brown wrote:
>
> On Sat, 9 Dec 2000, Nicolas wrote:
>
> > I'm sorry but none of your solutions works. /bin/false as shells
> > denies any access via ssh (including scp) ~/.login containing logout
> > could be circumvented by starting another command (e.g. /bin/sh) via
> > ssh. Nicolas
>
> How? If their ~/.login contains 'logout', and they don't have access to
> overwrite it, they can't execute anything else. Maybe I'm missing
> something, show me how you are doing this.

On bubbles,

  $ cat .login
  logout
  $ grep cjc /etc/passwd
  cjc:*:1001:1001:Crist J. Clark:/usr/home/cjc:/bin/tcsh

If I try to do an interactive ssh,

  $ ssh bubbles
  cjc@bubbles.cjclark.org's password:
  Last login: Sat Dec 9 22:41:54 2000 from main
  Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
          The Regents of the University of California. All rights reserved.

  FreeBSD 5.0-CURRENT (BUBBLES) #0: Sat Nov 25 03:20:41 PST 2000

  Welcome to FreeBSD!

  Connection to bubbles.cjclark.org closed.
  $

It does work like you expect. However,

  $ ssh bubbles "ls -l /"
  cjc@bubbles.cjclark.org's password:
  total 2906
  -r--r--r--   1 root  wheel     4735 Mar 20  2000 COPYRIGHT
  drwxr-xr-x   2 root  wheel     1024 Nov 25 13:41 bin
  drwxr-xr-x   7 root  wheel      512 Nov 25 13:41 boot
  drwxr-xr-x   2 root  wheel      512 Nov 11 10:47 cdrom
  lrwxr-xr-x   1 root  wheel       11 Nov 11 10:57 compat -> /usr/compat
  drwxr-xr-x   3 root  wheel    16896 Nov 26 01:55 dev
  drwxr-xr-x  15 root  wheel     2048 Nov 26 01:51 etc
  lrwxrwxrwx   1 root  wheel        9 Nov 11 11:08 home -> /usr/home
  -rwxr-xr-x   1 root  wheel  2777025 Mar 20  2000 kernel.GENERIC
  -rw-------   1 root  wheel   147456 Nov 26 01:55 ldconfig.core
  drwxr-xr-x   2 root  wheel      512 Mar 20  2000 mnt
  dr-xr-xr-x   1 root  wheel      512 Dec  9 23:21 proc
  drwxr-xr-x   4 root  wheel     1024 Nov 21 23:07 root
  drwxr-xr-x   2 root  wheel     2048 Nov 25 13:39 sbin
  drwxr-xr-x   4 root  wheel      512 Nov 11 10:47 stand
  lrwxr-xr-x   1 root  wheel       11 Nov 25 13:24 sys -> usr/src/sys
  lrwxr-xr-x   1 root  wheel        7 Nov 12 15:13 tmp -> var/tmp
  drwxr-xr-x  21 root  wheel      512 Dec  6 01:03 usr
  lrwxr-xr-x   1 root  wheel        7 Nov 11 11:22 var -> usr/var
  $

Or to be a little more slick,

  $ ssh bubbles "tcsh -f"

Would give me an interactive shell.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
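
The message above shows that a command named on the ssh command line runs without ~/.login being consulted, so an "scp only" restriction has to inspect the requested command itself. The following is an added example, not part of the original thread: a POSIX sh check that a wrapper could apply to the request, assuming the legacy scp protocol (the client asks the server for "scp -t" or "scp -f") and that the wrapper is installed through OpenSSH's forced-command mechanism, which passes the request in SSH_ORIGINAL_COMMAND. The function name scp_only_allowed is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. scp_only_allowed is a
# hypothetical helper: it returns 0 only when the requested command is a
# plain server-side scp invocation, and 1 for everything else.
scp_only_allowed() {
    cmd=$1
    # Refuse an empty request (interactive login) and any character outside
    # a small safe set: no quotes, ';', '|', '&', '$', backquotes or globs.
    # Side effect: file names containing spaces are refused too.
    case $cmd in
        ''|*[!A-Za-z0-9/._\ -]*) return 1 ;;
    esac
    set -f                  # no globbing while the request is split on spaces
    set -- $cmd
    set +f
    [ "$1" = scp ] || return 1
    shift
    mode=
    # Everything before the last word must be a known server-side flag.
    while [ $# -gt 1 ]; do
        case $1 in
            -t|-f) [ -z "$mode" ] || return 1; mode=$1 ;;
            -r|-p|-d|-v) ;;
            *) return 1 ;;
        esac
        shift
    done
    # Exactly one path operand must remain, and it must not look like an option.
    [ -n "$mode" ] && [ $# -eq 1 ] || return 1
    case $1 in
        -*) return 1 ;;
    esac
    return 0
}

# Constructed sample requests: the two commands from the thread, a normal
# scp upload, and an scp request with a second command appended.
for req in 'ls -l /' 'tcsh -f' 'scp -t /tmp/upload' 'scp -f /etc/motd; tcsh -f'
do
    if scp_only_allowed "$req"; then
        echo "allow:  $req"
    else
        echo "refuse: $req"
    fi
done
```

A wrapper built on this check would run scp directly with the already-split arguments rather than handing the original string back to a shell.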