Date:      Tue, 19 Feb 2002 16:28:50 -0800
From:      Jason DiCioccio <jdicioccio@epylon.com>
To:        "'andy@sambolian.net.nz'" <andy@sambolian.net.nz>, freebsd-security@freebsd.org
Subject:   RE: SSH proxy
Message-ID:  <657B20E93E93D4118F9700D0B73CE3EA02FFF442@goofy.epylon.lan>


One thing I can think of, which might not have any security implications if
you're running it as their login shell through sshd.  But, you'll probably
want to set stuff like PATH and LD_LIBRARY_PATH in the script (more
importantly PATH) so that the path couldn't be poisoned and the script
couldn't be tricked into going to find those binaries in other places.

Might not affect you in this case, but usually a good thing to do.

Cheers,
-JD-


-----Original Message-----
From: andy@sambolian.net.nz [mailto:andy@sambolian.net.nz]
Sent: Tuesday, February 19, 2002 4:21 PM
To: freebsd-security@freebsd.org
Subject: SSH proxy


Hi

I have a fbsd gateway at home through which I share our cable modem with my
flatmates.  They have their own boxes on the lan and ssh to them from work.
At the moment we log into the gateway and from there ssh to the box we want.
I have made a shell script to automate this, and have set it as the default
shell for our accounts on the gateway.  It all works well but I would like
to know if there is a better way and also if there is a security risk with
the way I have done it now.  Here is the script....

<!-- snip -->

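#!/bin/sh
echo
echo ---------------------------------------
echo ------------ SSH Proxy ----------------
echo ---------------------------------------
echo

SSH=/usr/bin/ssh
# Defaults: the gateway login name and the host used last time.
DEFAULTUSER=`whoami`
DEFAULTHOST=`cat ~/.sshproxyhost 2> /dev/null`

# Prompts are quoted so the [..] text is not treated as a glob pattern.
echo -n "Enter username [${DEFAULTUSER}]:"
read USERNAME

echo -n "Enter host [${DEFAULTHOST}]:"
read HOSTNAME

# Fall back to the defaults on empty input.  The quotes keep input that
# contains spaces from breaking the tests.
if [ -z "${USERNAME}" ]; then
        USERNAME=${DEFAULTUSER}
fi


if [ -z "${HOSTNAME}" ]; then
        HOSTNAME=${DEFAULTHOST}
fi

if [ -z "${HOSTNAME}" ]; then
        echo "Can not determine the hostname"
        exit 1
fi


# Remember the host for next time.
echo "${HOSTNAME}" > ~/.sshproxyhost

# Each value is passed as a single argument; "--" ends option parsing so
# the host value is never read as an ssh option.
"${SSH}" -l "${USERNAME}" -- "${HOSTNAME}"

exit 0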

<!-- snip -->




cheers


Andrew

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


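The PATH and LD_LIBRARY_PATH suggestion from the reply above, as an added
example that is not part of the original thread: a prologue for a login-shell
wrapper that pins the search path before helpers such as whoami and cat are
called by bare name. SAFE_PATH, sanitize_env, resolve and demo are names
assumed for this sketch, and the fake whoami is constructed sample input.

```sh
#!/bin/sh
# Added example, not code from the thread. All names here are assumptions.

# System directories only; nothing the wrapper's users can write to.
SAFE_PATH=/bin:/usr/bin

# Pin the environment before the wrapper runs any helper (whoami, cat, ssh).
sanitize_env() {
    PATH=$SAFE_PATH
    export PATH
    # Runtime-linker overrides, and variables that change how sh itself
    # starts up, changes directory or splits words.
    unset LD_LIBRARY_PATH LD_PRELOAD ENV CDPATH IFS
}

# Report which file the shell would execute for a bare command name.
resolve() {
    command -v "$1"
}

# Constructed scenario: a directory holding a fake "whoami" sits first in
# PATH.  Runs in a subshell so the caller's environment is left alone.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho not-the-real-whoami\n' > "$dir/whoami"
    chmod +x "$dir/whoami"
    PATH=$dir:$PATH
    LD_LIBRARY_PATH=$dir
    export PATH LD_LIBRARY_PATH
    echo "before: $(resolve whoami)"
    sanitize_env
    echo "after:  $(resolve whoami)"
    echo "LD_LIBRARY_PATH: ${LD_LIBRARY_PATH-unset}"
    rm -rf "$dir"
)

demo
```

In a real wrapper, sanitize_env would be the first command after the
interpreter line, ahead of the whoami and cat calls.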


