Transferring file to local machine when SSHing into a foreign box

John Olsson M john.m.olsson at ericsson.com
Mon May 14 20:33:42 EST 2012 

> If the user has access to read a file in a BASH shell then
> what is to prevent him from copying the text of that file
> right from his terminal? In fact, that is exactly what I
> have been doing and is quite the reason for suggesting the
> download feature.

You are missing my point. I'm talking about a node/computer/machine/... that offers a CLI interface via SSH on port 22 that is *not* a generic Bash-like shell. Instead it is a text-based managmenet interface of some equipment (for instance a switch or a router). This interface does not operate on files, instead it is configuration commands.

This node also offers an SFTP interface where a file system is exposed (some kind of virtual filesystem) where files can be uploaded and downloaded. Files in this virtual filesystem can ofcourse be referenced from the SSH CLI interface (e.g. configuration data is read from a file etc.).

The SFTP service might run in a chrooted environemnt, whereas the SSH CLI interface can not do this due to that it must be able to access (behind the scenes) all of the physical filesystem.


If you now enable support so that you could transfer /etc/passwd via a built-in SSH command from a node that does not expose a filesystem in the shell I see this as a security problem. That is, since the SSH CLI process can access a larger/different part of the filesystem, the proposed built-in SSH CLI filesystem transfer command could then expose any file that the process can access, right?

I'm just raising this issue, since not all nodes that offer SSH access looks and behave the same way. Not everything is a Bash shell. :)


/John

-----Original Message-----
From: Dotan Cohen [mailto:dotancohen at gmail.com] 
Sent: den 14 maj 2012 11:56
To: John Olsson M
Cc: Ángel González; openssh-unix-dev at mindrot.org
Subject: Re: Transferring file to local machine when SSHing into a foreign box

On Mon, May 14, 2012 at 10:02 AM, John Olsson M <john.m.olsson at ericsson.com> wrote:
> You also need to consider the case where the user is *not* running a 
> normal (like TCSH, Bash, ZSH, ...) shell on the server and where the 
> file system is exposed as a virtual filesystem via SFTP (which might run in another chrooted directory than the SSH subsystem).
>
> What would a path to a local file look like in this context?
>

The feature would obviously not be available in the SFTP context. For one thing, the feature requires a remote server script / command cpLocal which initiates the transfer and in SFTP there is no access to scripts / commands.


> I see this as a security hole since you suddenly get acess to files 
> via SSH which you do not get access to via SFTP (since it is chrooted)...
>

If the user has access to read a file in a BASH shell then what is to prevent him from copying the text of that file right from his terminal? In fact, that is exactly what I have been doing and is quite the reason for suggesting the download feature.



--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

More information about the openssh-unix-dev mailing list