ssh-dummy-shell

Markus Friedl markus at openbsd.org
Sat Nov 24 06:40:55 EST 2001


On Fri, Nov 23, 2001 at 09:37:17PM +0200, Pekka Savola wrote:
> On Fri, 23 Nov 2001, Markus Friedl wrote:
> > well, do we really need this?
> > 
> > i think you just could use sftp-server as a loginshell and have the
> > same effect.
> > 
> > are there any problems if we set the loginshell to sftp-server? for
> > interactive logins nothing happens, and it even works with sftp over
> > both protocol version 1 and 2.
> > 
> > are there any risks?
> > 
> > all ssh-dummy-shell is restrict the possible commands to sftp-server
> > and prints an error message if the shell is used without the sftp
> > client. so it's a little bit more user friendly.
> 
> Without a possibility for forced chroot, a shell is interesting but IMO
> not all that useful.  If you don't trust the users with a shell, you 
> probably don't want them poking around your system.  I wouldn't.

there is a big difference between reading/writing files and
having full access to a system. or what am i missing?



More information about the openssh-unix-dev mailing list