ssh-dummy-shell

Pekka Savola pekkas at netcore.fi
Sat Nov 24 06:51:07 EST 2001


On Fri, 23 Nov 2001, Markus Friedl wrote:
> On Fri, Nov 23, 2001 at 09:37:17PM +0200, Pekka Savola wrote:
> > Without a possibility for forced chroot, a shell is interesting but IMO
> > not all that useful.  If you don't trust the users with a shell, you 
> > probably don't want them poking around your system.  I wouldn't.
> 
> there is a big difference between reading/writing files and
> having full access to a system. or what am i missing?

Well, depends on the situation you're in.  Both require trust.

I sure wouldn't want the ftp users that are chrooted to their own website
directories mucking around the system configs etc.

In some cases, it's only important to "take the fangs off the trusted
users" so they cannot do anything _really_ disturbing via a shell..  it
varies.

Note that AFAIR, ssh.com provides chroot, which may be part of the reason 
they felt ssh-dummy-shell is useful.

(I really would like to start transitioning ftp+chroot people to
sftp+chroot, for password encryption if nothing else, but that's still a
bit problematic).

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords





More information about the openssh-unix-dev mailing list