disable port forwarding in OpenSSH
Alexey Koptsevich
alex at astro.su.se
Thu Sep 20 06:37:07 EST 2001
Hello,
> Many people have successfully used custom restricted shells that only
> allow one or a small number of commands to be run upon login - you
> shouldn't have a problem with that.
Can running sshd with chroot (to a directory which does not contain
anything but mail folders and the executables/libraries needed for sshd and
mail programs) be considered more secure than running a custom shell, or not?
I use FreeBSD.
> In the case of pine, be sure to disable the ability to jump to a shell in
> the fixed config file, usually /usr/local/etc/pine.conf.fixed.
> (echo 'feature-list=no-enable-suspend' >> /usr/local/etc/pine.conf.fixed)
Thanks! But if no shell -- no ability, right?
> Also be aware that pine has an awful history of security problems,
> exploitable buffer overruns, etc, and that it would probably be pretty
> easy for a malicious user to send himself a message that would cause his
> pine to jump to a shell.... Maybe you want to consider mutt with
> pine-like bindings instead....
Thanks!..
Best,
Alex