Date: Tue, 5 Apr 2005 03:17:43 +0200 From: Anthony Atkielski <atkielski.anthony@wanadoo.fr> To: freebsd-questions@freebsd.org Subject: Securely allowing just one application via telnet Message-ID: <1183736361.20050405031743@wanadoo.fr>
next in thread | raw e-mail | index | archive | help
If I want to allow external users to log on under only one permissible username, which immediately and unconditionally executes only one program (no shell access), via telnet, what is the most secure way to set this up? I've always understood telnet to be somewhat of a Pandora's box for security, but I don't know if that applies to the protocol itself, or to telnetd, or if it just refers to the many dangers of shell access, or what. If there is a way to secure this type of access, I'd like to try it on my test server (I won't risk the production server, of course), as an exercise in setting up custom environments. Any suggestions on how best to do this securely? If a specific user is restricted to a specific program at login (via /etc/passwd), is there _any_ way he can sneak out to a shell, assuming that the program he is forced to run does _not_ provide shellout access? -- Anthony
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1183736361.20050405031743>