No subject
Larry Becke
guyverdh at hotmail.com
Wed Oct 10 05:29:37 EST 2007
I understand that that is not how scp works today.
I'm suggesting that we make a minor change to how it works.
Here's the underlying reason why I think this is a good idea. The efforts required to lock down todays systems with their myriad of access features is not a trivial task. I'm not suggesting this will make it trivial to completely secure a system. I am suggesting this will make it trivial to secure one subset of the system. That subset being scp.
Using chroot'd environments doesn't really work (or at least they were never intended to be used as a security tool) without tons of effort, and even then, they tend to break rapidly with simple system/software updates. sftp at the present time, gives access to too many additional commands / features that are unnecessary for a simple file transfer. scp would fit the bill nicely, with one minor change. Let's forget about translating ../ to something else.
Given the "-T" instead of "-t" startup parameter, a simple walk through the parameters passed by the scp client spawning the scp server should do the following:
Prefix the remote path with "./", so that remhost:/path/to/file becomes remhost:.//path/to/file.
If the remote path contains "../" anywhere, error out.
With this change, we can forget about scp-only or chroot'd environments and all the convoluted mess required to make that work.
Either spawn scp with the "-T" via a public key authentication command entry, or the sshd_config file "UseSCPPathLock=Yes".
Through this option, we get a secure method of transfering files without much effort. Combine this with pub-key authentication, and command= parameters, you can control where any user places their files if outside of their home directories. Simple user permissions on the remote server control whether or not writes are allowed, or just reads. A very simple change could open a whole lot of opportunity for usage expansion. If sftp-server had this same option, then that might work, however, I haven't seen that it does - yet there would seem to me to be a lot more changes required to implement the same idea within sftp-server as it would within scp.
_________________________________________________________________
Windows Live Hotmail and Microsoft Office Outlook – together at last. Get it now.
http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
More information about the openssh-unix-dev
mailing list