Displaying 18 results from an estimated 18 matches for "pizzashack".
2004 Oct 23
1
rssh: pizzacode security alert
...allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that. Additionally, running rsync,
rdist, and cvs are supported, and access can be configured on a
per-user basis using a simple text-based configuration file. The rssh
homepage is here:
http://www.pizzashack.org/rssh/
Florian Schilhabel has identified a format string bug which can allow
an attacker to run arbitrary code from an account configured to use
rssh. [*]In general the risk is low, as in most cases the user can
only compromise their own account. The risk is mitigated by the fact
that before...
2005 Jan 15
0
rssh and scponly arbitrary command execution
...ited these days (hence the terse announcement), so I probably
won't get to that for a while. However, rssh 2.2.3 is available from
the sourceforge.net site:
http://sourceforge.net/projects/rssh
All users of rssh should update to the latest release. The rssh
homepage is here:
http://www.pizzashack.org/rssh
Sorry for the slow response; I've had other priorities lately.
DM
On Thu, Dec 02, 2004 at 01:51:43PM +0000, Jason Wies wrote:
> Vulnerable applications:
>
> rssh
> All versions
> All operating systems
> scponly
>...
2005 Dec 30
5
rssh: root privilege escalation flaw
...h the way
va_start/va_end was used in log.c, which causes a segfault on 64-bit
Linux platforms. It is believed that this bug is not exploitable,
since no code in this module is ever executed with root privileges.
However this is also fixed in this release.
Thanks
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
2003 Jan 02
0
rssh 1.0.4 released
Hi folks,
Today I released rssh 1.0.4. rssh is a small replacement shell that
provides the ability for system administrators to give specific users
access to a given system via scp or sftp only.
For downloads or more information, visit the rssh homepage:
http://www.pizzashack.org/rssh
This release fixes a stupid bug caused by a failure to properly check
the return value of a function call.
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
2003 Jul 02
0
[semi-OT] rssh
...t home"
[Personally, I think including spaces in paths is generally a bad
idea, but there may be times when it is desirable/necessary.]
Additionally, the default shell options were modified to allow only
scp, in the event that no config file is present.
Learn more about rssh:
http://www.pizzashack.org/rssh/
Downloads:
http://www.pizashack.org/rssh/downloads.shtml
Enjoy!
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
2003 Jul 07
0
[semi-OT] rssh FINAL RELEASE! Well, hopefully.
...igure all that on a per-user basis. rssh is
designed to work with OpenSSH on Linux platforms, but also works on
other POSIX.2-compliant OSes (it requires wordexp(), which is defined
by POSIX.2), and probably also works with other sshd's.
You can download the latest release here:
http://www.pizzashack.org/rssh/downloads.shtml
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
2004 Jun 19
0
security flaw in rssh
...ease of rssh fixed the problem in question, but was
mistakenly released missing some code for parsing per-user options.
The 2.2.1 release corrects that problem, and should be the final
release of rssh. No further development is planned.
You can get the latest release of rssh here:
http://www.pizzashack.org/rssh/
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
2008 Oct 05
4
Why is -e sent to the remote rsync side?
....L .
As we can see, rsync runs ssh, and tells it to run, on the other side,
rsync with the "-e" flag. I am not really sure what and how the "." and
"L" are parsed by rsync (part of my problem).
The reason this is brought up is because I'm using rssh
(http://www.pizzashack.org/rssh/) as the user's shell to limit that user
to only be allowed to run rsync. Rssh, however, prevents the passing of
the "-e" option to rsync, as it claims (with some amount of
justification) that this option allows someone to cause rsync to run any
command at all, escaping th...
2003 Jan 03
0
[patch] chroot support for openssh-3.5p1
...th privilege separation.
This patch requires a binary for scp/sftp-server to be in the proper locations in each jail as well.
You can chrootAll with exceptions or chroot none with a list of chroot'ed users.
If you're concerned with scp/sftp only, rssh is still your solution. [http://www.pizzashack.org/rssh]
A web page with the patch is also available: http://majikal.dyn.dhs.org/projekts/openssh_chroot_patch/
Problems/Complaints/Suggestions/Additions can be sent to me at this address.
Cheers,
nick
2007 Jul 27
1
secure user restriction
I am using sftp-server chroot patch:
http://marc.info/?l=openssh-unix-dev&m=116043792120525&w=2
Works fine, except user is able to ssh in box.
I could change users shell to /usr/libexec/sftp-server, but then
chrooting wouldn't work.
What is secure way to accomplish this, so that I could
give friend ssh access, so that he could upload/download stuff, but
not compromise my system or
2007 Sep 05
3
Chrooting SFTP over SSH2
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over
SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page
dated 2005, but what's the 'best' or 'correct' way to set this up for Centos
4.5 and 5?
Thanks
2017 Feb 10
4
Disabling specific commands in sftp
Hi,
On CentOS 7 I'm trying to set up a chrooted SFTP server on which specific users can only read and write on specific folder. And I'd like to disable some commands, so the users can only do 'cd', 'ls', 'get' and 'put' (and disabling 'chgrp', 'chmod', 'chown', 'df' etc ...). Is there a way to achieve it, natively or with using a third-party software?
Alexandre MALDEME
Analyste d'exploitation
2006 Jan 12
4
Granting SSH access to a Ruby on Rails user
I installed Rails and Rubygems on a web server for a customer who wants
to install a Ruby on Rails application that he developed.
He needs SSH access to interact with Ruby, so I'll have to grant him
access, but I want him to only play around in his /home directory, as
this server also hosts other customers. How could I do that?
Thanks,
--
Posted via http://www.ruby-forum.com/.
2019 Jan 23
3
Status of SCP vulnerability
I worked on a proposal like this a few years back (including proof of
concept code). I taught sftp to have an scp personality (closer to scp2
than scp), and it was rejected by the higher ups. It may have been the
dual-personality issue, but I know the scp2 concept was also rejected at
the time as it was stated there should be one transfer tool.
But the only way to drag scp into this century
2003 Dec 31
2
chroot + ssh concerns
Hello,
I'm new to the list, but hopefully I've done enough digging around that
I don't get yelled at too terribly ;)
We're looking to implement a chrooted environment for allowing users to
scp files from servers. That's basically the only functionality that
we need in this case. We're looking to chroot the user and/or remove
any chance that the account can login via
2004 Dec 03
1
[BUGTRAQ] rssh and scponly arbitrary command execution
...for which programs. In
the most restricted case entire command lines would be stored on the remote
host and the client would be allowed only to select from the list of
available command lines. I'm not aware of any software that offers these
capabilities today.
References:
http://www.pizzashack.org/rssh/index.shtml
http://www.sublimation.org/scponly/
----- End forwarded message -----
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
2002 Aug 16
2
restricted scp and/or sftp
2002 Aug 21
1
vulnerabilities in scponly