Date: Sat, 9 Dec 2000 23:25:59 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: "Nicolai L. Brown" <nbrown@iowaone.net> Cc: Nicolas <list@rachinsky.de>, freebsd-questions@FreeBSD.ORG Subject: Re: scp only Message-ID: <20001209232558.J96105@149.211.6.64.reflexcom.com> In-Reply-To: <Pine.BSF.4.30.0012100044030.1230-100000@everest.iowaone.net>; from nbrown@iowaone.net on Sun, Dec 10, 2000 at 12:50:26AM -0600 References: <005201c0622c$93aff800$0364000a@rachinsky.de> <Pine.BSF.4.30.0012100044030.1230-100000@everest.iowaone.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 10, 2000 at 12:50:26AM -0600, Nicolai L. Brown wrote: > > On Sat, 9 Dec 2000, Nicolas wrote: > > > I'm sorry but none of your solutions works. /bin/false as shells > > denies any access via ssh (including scp) ~/.login containing logout > > could be circumvented by starting another command (e.g. /bin/sh) via > > ssh. Nicolas > > How? If their ~/.login contains 'logout', and they don't have access to > overwrite it, they can't execute anything else. Maybe I'm missing > something, show me how you are doing this. On bubbles, $ cat .login logout $ grep cjc /etc/passwd cjc:*:1001:1001:Crist J. Clark:/usr/home/cjc:/bin/tcsh If I try to do an interactive ssh, $ ssh bubbles cjc@bubbles.cjclark.org's password: Last login: Sat Dec 9 22:41:54 2000 from main Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.0-CURRENT (BUBBLES) #0: Sat Nov 25 03:20:41 PST 2000 Welcome to FreeBSD! Connection to bubbles.cjclark.org closed. $ It does work like you expect. However, $ ssh bubbles "ls -l /" cjc@bubbles.cjclark.org's password: total 2906 -r--r--r-- 1 root wheel 4735 Mar 20 2000 COPYRIGHT drwxr-xr-x 2 root wheel 1024 Nov 25 13:41 bin drwxr-xr-x 7 root wheel 512 Nov 25 13:41 boot drwxr-xr-x 2 root wheel 512 Nov 11 10:47 cdrom lrwxr-xr-x 1 root wheel 11 Nov 11 10:57 compat -> /usr/compat drwxr-xr-x 3 root wheel 16896 Nov 26 01:55 dev drwxr-xr-x 15 root wheel 2048 Nov 26 01:51 etc lrwxrwxrwx 1 root wheel 9 Nov 11 11:08 home -> /usr/home -rwxr-xr-x 1 root wheel 2777025 Mar 20 2000 kernel.GENERIC -rw------- 1 root wheel 147456 Nov 26 01:55 ldconfig.core drwxr-xr-x 2 root wheel 512 Mar 20 2000 mnt dr-xr-xr-x 1 root wheel 512 Dec 9 23:21 proc drwxr-xr-x 4 root wheel 1024 Nov 21 23:07 root drwxr-xr-x 2 root wheel 2048 Nov 25 13:39 sbin drwxr-xr-x 4 root wheel 512 Nov 11 10:47 stand lrwxr-xr-x 1 root wheel 11 Nov 25 13:24 sys -> usr/src/sys lrwxr-xr-x 1 root wheel 7 Nov 12 15:13 tmp -> var/tmp drwxr-xr-x 21 root wheel 512 Dec 6 01:03 usr lrwxr-xr-x 1 root wheel 7 Nov 11 11:22 var -> usr/var $ Or to be a little more slick, $ ssh bubbles "tcsh -f" Would give me an interactive shell. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001209232558.J96105>