HowTo Disable execution of commands whit ssh and scp/sftp
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Thu Mar 11 17:57:16 UTC 2004
Am Do, den 11.03.2004 schrieb Dario Lesca um 18:44:
> Hi, someone know howto disable the execution of any command via ssh and
> disable the scp/sftp service?
>
> OK; ssh user at host
> NO: ssh user at host cat /etc/passwd
> NO: scp user at host:/etc/passwd /tmp
> NO: sftp user at host
>
> Many thanks!
The keyword is "chroot" or "jail". It means to ban a user into his home
and limit commands to those inside the chroot.
This sounds simple but it is not. There are a few howtos available (do a
google search), but they can let experienced users escape from chroot.
For a real solution it needs the use of kernel patches and ACLs like
grsecurity or - which comes with FC2 - SELinux.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 18:54:33 up 2 days, 19:14, load average: 1.13, 1.17, 1.15
[ Γνωθι σ'αυτον - gnothi seauton ]
my life is a planetarium - and you are the stars
More information about the fedora-list
mailing list