chroot + ssh concerns

Asif Iqbal iqbala at qwestip.net
Mon Jan 5 10:24:11 EST 2004


Lev Lvovsky wrote:
> Much appreciated, but it'd requires that we configure and setup 
> something that opens yet another port on our boxes.  Ssh + chroot or 
> ssh + some restricted shell (my preference), fulfills all of our needs. 
>  It's a matter of determining which is the better of the two.
> 
> thanks!
> -lev

Put the attachment perl script on the remote server where you scp'ing
data. And put the public key of the local user (who is pushing the data)
on the remote users authorized_keys file. It should be something like
this (all in one line)

command="/usr/local/bin/scp-wrapper.pl" 1024 35 135802531990773152829326561419029663876623858389623765360723291
717877679894577251403114363927425150043755098768550074505022334963105905416029813377991698026339350740612923077
166157161569333618389331031443240156765636406924973575483180081588417877395313133871218041254511890930041145231
753514951576173785110631 scponlykey


> 
> 
> On Dec 30, 2003, at 9:09 PM, Asif Iqbal wrote:
> >Check this out
> >
> >http://cr.yp.to/publicfile.html
> >
> >Same guy who wrote qmail
> >
> >-- 
> >Asif Iqbal
> >http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x8B686E08
> >There's no place like 127.0.0.1
> 

-- 
Asif Iqbal
PGP Key: E62693C5
There's no place like 127.0.0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scp-wrapper.pl
Type: application/x-perl
Size: 1220 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040104/bbbc4cec/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040104/bbbc4cec/attachment-0001.bin 


More information about the openssh-unix-dev mailing list