search for: rssh

I just released rssh version 2.2.3 to fix the problem detailed below. I haven't had time to update my website yet, and my Internet acess is quite limited these days (hence the terse announcement), so I probably won't get to that for a while. However, rssh 2.2.3 is available from the sourceforge.net site: ht...

PIZZACODE SECURITY ALERT program: rssh risk: low[*] problem: string format vulnerability in log.c details: rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh t...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [This came over BUGTRAQ this morning. Note the call for volunteers vis-a-vis rssh.] - ----- Forwarded message from Jason Wies <jason at xc.net> ----- List-Id: <bugtraq.list-id.securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com> To: bugtraq at securityfocus.com Cc: rssh-discuss at lists.sourceforge.net Subject: rssh and scponly a...

rssh is a small shell whose purpose is to restrict users to using scp or sftp, and also provides the facilities to place users in a chroot jail. It can also be used to lock users out of a system completely. William F. McCaw identified a minor security flaw in rssh when used with chroot jails. There is...

Since rsync 3.0 i've detected a problem with rssh and -e option....rssh doesn't allow this option...but is essential to me (cyphered transmission with ssh). Surfing the net i've seen a guy that made a patch but I don't know how reliable is...and rssh former programer says he just left the project so it's no longer his problem. Is...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm pleased to announce that rssh now has per-user configurations! Today I released rssh v2.1.0 with that last peice of functionality to be added, bringing active development of rssh to a close. Additionally, I spent several hours testing and debugging this release as thoroughly as I could think to, and I'm pleased to report (t...

Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: *CRITICAL* Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access to a syste...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I released rssh v2.0.4 today. It fixes bugs in the parser which affect quoted arguments in the config file, as well as the code which builds the vector for the arguments to the exec call. In the latter case, arguments which contain a space were treated as two sepearate args. The man page was also updated to inc...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, Today I released rssh 1.0.4. rssh is a small replacement shell that provides the ability for system administrators to give specific users access to a given system via scp or sftp only. For downloads or more information, visit the rssh homepage: http://www.pizzashack.org/rssh This release fixes a stupid bug caused...

...erver --sender -de.L . As we can see, rsync runs ssh, and tells it to run, on the other side, rsync with the "-e" flag. I am not really sure what and how the "." and "L" are parsed by rsync (part of my problem). The reason this is brought up is because I'm using rssh (http://www.pizzashack.org/rssh/) as the user's shell to limit that user to only be allowed to run rsync. Rssh, however, prevent the passing of the "-e" option to rsync, as it claims (with some amount of justification) that this option allows someone to cause rsync to run any com...

List, I am putting together a sftp server and would like to use a restrictive shell with a chroot jail. I was wondering what members of the list thought about rssh as opposed to scponly. Greg Ennis

Hello everyone, If I have three computers (Host-A, Host-B and Host-C) .... is it possible to execute Rsync from Host-A and use the rsync daemon via SSH on Host-B as the source and the rsync daemon via SSH on host-C as the destination? Thank you in advance for your help. Kevin -- View this message in context: http://www.nabble.com/Rsync-from-a-third-host--tp20297112p20297112.html Sent from the

...ody's interest here, but I have written a patch to selectively override a user's shell dependent of the username. The reason behind this is, that at the high performance cluster I work at, we would like that normal users are only permitted to use scp and sftp (and thus a shell like rssh) on our master nodes, but should retain their normal shell on all other nodes. With this patch, we can define what users may retain their normal shell on the master nodes and which ones will have their shell changed to a default one. The patch can be found here: https://ubelix.unibe.ch/loca...

Hello, This patch makes it possible to restrict sftp sessions to a certain subtree of the file system on a per-Unix account basis. It requires a program such as rssh or scponly to function. A patch for rssh is also attached to this email. The method employed uses realpath() and a string comparison to check that each file or directory access is allowed. With this patch, sftp-server takes a command-line argument to indicate the directory to which the user will be...

I was trying to use rsync to send files to a fileserver using an rssh restricted server. It refuses, saying that trying to override the shell with -e is forbidden. I didn't type "-e". When I look at the source, I see /* Checking the pre-negotiated value allows --protocol=29 override. */ if (protocol_version >= 30) {...

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

Hi, On CentOS 7 I?m trying to set up a chrooted SFTP server on which specific users can only read and write on specific folder. And I?d like to disable some commands, so the users can only do ?cd?, ?ls?, ?get? and ?put? (and disabling ?chgrp?, ?chmod?, ?chown?, ?df? etc ?). Is there a way to achieve it, natively or with using a third-party software ? Alexandre MALDEME Analyste d'exploitation

...res. - I needed to create an environment with only sftp access and thus used: - Match User suporte ForceCommand / usr / lib / openssh / sftp-server OK! It worked perfectly! But only sftp. - Create an environment with only blocking the ssh, but scp and sftp access, I used: - Rssh; - Mysecureshell; - Scponly. Work, but change my SHELL, and also created another environment for authentication and this is not good. So I suggest to you developers the following idea: - Create the following options to sshd_config: - DenyCmdssh - DenyCmdscp - DenyCmd...

I worked on a proposal like this a few years back (including proof of concept code).? I taught sftp to have an scp personality (closer to scp2 than scp), and it was rejected by the higher ups.? It may have been the dual-personality issue, but I know the scp2 concept was also rejected at the time as it was stated there should be one transfer tool. But the only way to drag scp into this century

Hi, As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5? Thanks