ssh-dummy-shell
Markus Friedl
markus at openbsd.org
Sat Nov 24 06:40:55 EST 2001
On Fri, Nov 23, 2001 at 09:37:17PM +0200, Pekka Savola wrote:
> On Fri, 23 Nov 2001, Markus Friedl wrote:
> > well, do we really need this?
> >
> > i think you just could use sftp-server as a loginshell and have the
> > same effect.
> >
> > are there any problems if we set the loginshell to sftp-server? for
> > interactive logins nothing happens, and it even works with sftp over
> > both protocol version 1 and 2.
> >
> > are there any risks?
> >
> > all ssh-dummy-shell is restrict the possible commands to sftp-server
> > and prints an error message if the shell is used without the sftp
> > client. so it's a little bit more user friendly.
>
> Without a possibility for forced chroot, a shell is interesting but IMO
> not all that useful. If you don't trust the users with a shell, you
> probably don't want them poking around your system. I wouldn't.
there is a big difference between reading/writing files and
having full access to a system. or what am i missing?
More information about the openssh-unix-dev
mailing list