Deprecation of scp protocol and improving sftp client

Thorsten Glaser t.glaser at tarent.de
Tue Aug 4 09:29:52 AEST 2020


On Tue, 4 Aug 2020, raf wrote:

> In such cases, this vulnerability can be mitigated by
> the use of an ssh-specific command whitelisting control
> such as:

Probably just as easy: give the user a restricted shell
(/bin/rmksh) as shell and set their PATH etc. suitably,
to not include any other commands.

bye,
//mirabilos
PS: Full disclosure: I’m the mksh developer
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!


More information about the openssh-unix-dev mailing list