Date: Mon, 7 Jun 2004 13:41:49 -0700 From: "Crist J. Clark" <cristjc@comcast.net> To: Doug Barton <DougB@FreeBSD.org> Cc: Dan Rue <drue@therub.org> Subject: Re: [Freebsd-security] Re: Multi-User Security Message-ID: <20040607204149.GC75747@blossom.cjclark.org> In-Reply-To: <20040606233720.F1850@ync.qbhto.arg> References: <20040518160517.GA10067@therub.org> <OPEPILILPLAKPFCNKOKAGEGHCBAA.remko@elvandar.org> <20040520033024.GA26640@therub.org> <20040606233720.F1850@ync.qbhto.arg>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 06, 2004 at 11:38:55PM -0700, Doug Barton wrote: > On Wed, 19 May 2004, Dan Rue wrote: > > >You obviously havn't tried to chroot scponly users.. _that's_ the tricky > >part. Especially if you want it to scale up beyond a handful of users. > >If i'm wrong - fill me in i'd love to hear how to do it. > > Have you considered using ~/.ssh/authorized_keys to restrict the account > from tty access? This would allow you to do commands (like scp) without > the risk of the user getting an actual shell. $ ssh host /bin/sh You don't need a tty to get an interactive shell. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040607204149.GC75747>