chrooting/jailing transfer-only accounts

Ben Lindstrom mouring at etoh.eviladmin.org
Sat May 25 00:57:28 EST 2002


On Fri, 24 May 2002, Sandor W. Sklar wrote:

> At 6:20 PM -0500 5/23/02, Ben Lindstrom wrote:
> >
> >Why?
> >
> >Why don't you just change the user's shell to /path/to/scpjail ?  By doing
> >it this way you capture all subsystems, standard logins and remote
> >commands by just reading the command line and looking at anything past
> >the first -c.  I don't see a reason why one needs to use command="".
>
> I'm not sure what practical difference that makes ... unless I'm
> missing something, doing so results in the scpjail script being
> passed the same values, and thus, resulting in the same problem.  It

The difference is you used $0 - $9 to read arguments passed to the shell
instead of depending on $SSH_ORIGINAL_COMMAND.  The former always gets it
right where the latter seems to be missing subsystems.

> would also prevent other users from logging in to the account using a
> different key, or from other users "su"ing to the account.
>

The idea of multiple users on one account is sick.  It is harder to pin
down what is going on and does not improve security.

- Ben
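The login-shell approach described in the message above, as an added example that is not the scpjail script from the thread or any OpenSSH code: a script installed as the account's shell reads the command from its own arguments (whatever follows the first -c) and allows only scp's remote modes and the sftp subsystem. The sftp-server path, the function names and the scp flag allow-list are assumptions of this sketch, and it only filters commands; it does not set up the chroot.

```shell
#!/bin/sh
# Added sketch of a transfer-only login shell; not the scpjail script from the thread.
LC_ALL=C; export LC_ALL
SFTP_SERVER=${SFTP_SERVER:-/usr/libexec/sftp-server}  # assumed path; match sshd_config

# Print whatever follows the first -c; fail if there is none (interactive login).
requested_command() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "-c" ]; then
            [ $# -ge 2 ] && printf '%s\n' "$2"
            return
        fi
        shift
    done
    return 1
}

# Print "sftp", "scp" or "deny" for one requested command string.
classify() {
    stripped=$(printf '%s' "$1" | tr -d ' ')
    case $stripped in
        ''|*[!A-Za-z0-9._/-]*) echo deny; return ;;  # no shell metacharacters
    esac
    [ "$1" = "$SFTP_SERVER" ] && { echo sftp; return; }
    set -f; set -- $1; set +f                        # split on whitespace, no globbing
    [ "$1" = scp ] || { echo deny; return; }
    shift
    mode=deny
    for arg in "$@"; do
        case $arg in
            -t|-f) mode=scp ;;                       # remote sink / source mode
            -v|-r|-p|-d|--) ;;
            -*) echo deny; return ;;
        esac
    done
    echo "$mode"
}

main() {
    PATH=/usr/bin:/bin; export PATH
    cmd=$(requested_command "$@") || { echo "transfer-only account" >&2; exit 1; }
    case $(classify "$cmd") in
        sftp) exec "$SFTP_SERVER" ;;
        scp)  set -f; exec $cmd ;;                   # word-split only, never eval'd
        *)    echo "command not permitted" >&2; exit 1 ;;
    esac
}

# Run only when installed under the name scpjail (as in /path/to/scpjail).
case ${0##*/} in scpjail) main "$@" ;; esac
```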




More information about the openssh-unix-dev mailing list