similar to: sftp question

Displaying 20 results from an estimated 10000 matches similar to: "sftp question"

2018 Jan 08
2
naive sftp user point of view was: SFTP chroot: Writable root
Am 07.01.2018 um 19:41 schrieb halfdog: > Hello list, > > I created a page to demonstrate, what would happen when chroot > root directory is writeable. In fact, code execution is possible > already, when only /etc and /bin are writable. I also tried to > escape the chroot jail, but that did not work for non-root users. > > As the 2009 CVE activities mention, that creating
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, Jan 05, 2018 at 09:42:18PM +1030, David Newall wrote: > On 05/01/18 20:06, Jakub Jelen wrote: > > if the confined user has write access to the chroot directory, > > there are ways how to get out, gain privileges and or do other > > nasty things. > > I'm not inexperienced with UNIX and unix-like operating systems (30+ years), > and I can't think what
2006 Oct 18
1
Using CHROOT jail in SFTP
Good afternoon, I have been using OpenSSH 3.8p1 and added code to sftp-server.c so I could put users in chroot jail. When I setup a new system and downloaded OpenSSH 4.4p1 and tried the same patch it fails with the following in the /var/log/messages file: sftp-server[11001]: fatal: Couldn't chroot to user directory /home/newyork/ftpbcc: Operation not permitted I was wondering why one would
2002 Oct 21
1
Developers word on SFTP/SCP chroot'ing?
Hello all, I've taken a brief skim of the archives available on theaimsgroup and talked to some others regarding the ideas on chroot SSH/SFTP/SCP functionality. I've also investigated a few of the various patches out for chroot sftp|scp|ssh and am a bit of a loss at finding 'an elegant solution' to the problem. Bearing in mind the excellent starting ground of John Furman's
2010 Feb 10
1
Syslog for chroot-jailed SFTP users?
Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config: # override default of no subsystems Subsystem sftp internal-sftp -f LOCAL2 -l INFO Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp This actually works great, but none of
2004 Feb 05
1
Lockdown ready for testing
Hi group As promised some months ago, I'm letting you know that lockdown is now ready for testing. Please don't study the code to much, I know it is a mess and therefore a rewrite is on it's way. But feel free to take a look at the features offered, how you use them and the default settings. When lockdown is ready for production usage, I'll release version 1.0. I guess that will
2004 Dec 20
3
chroot-ing users coming in via SSH and/or SFTP?
A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.
2017 Oct 20
4
scp setup jailed chroot on Centos7
Dear all I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. Does anybody have a
2008 May 01
2
openssh-5.0p1: sftp transfer logging doesn't appear to work with chroot environment
Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my
2024 Feb 01
15
[Bug 3662] New: Make logging of chrooted sftp sessions possible internally routed to local file, without /dev/log device
https://bugzilla.mindrot.org/show_bug.cgi?id=3662 Bug ID: 3662 Summary: Make logging of chrooted sftp sessions possible internally routed to local file, without /dev/log device Product: Portable OpenSSH Version: 9.6p1 Hardware: amd64 OS: Linux Status: NEW Severity:
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using firewalld to manage the firewall rules. Fail2an is configured to use firewalld: [root at server ~]# ll /etc/fail2ban/jail.d/ insgesamt 12
2016 May 10
2
Cannot get sftp transfers to log in the systemd journal
> On 05/09/2016 06:10 PM, John wrote: > >> I'd like to have sshd write entries into the systemd journal logging > sftp transfers. From googling, it seems that one needs to edit > /etc/ssh/sshd_config adding this line: >> >> Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE >> >> >> I can transfer files via filezilla (sftp)
2018 Jan 08
3
SFTP chroot: Writable root
On Sun, 2018-01-07 at 18:41 +0000, halfdog wrote: > Hello list, > > I created a page to demonstrate, what would happen when chroot > root directory is writeable. In fact, code execution is possible > already, when only /etc and /bin are writable. I also tried to > escape the chroot jail, but that did not work for non-root users. > > As the 2009 CVE activities mention,
2006 Oct 18
1
Whereis Pessulus?
Hi all, I'm mounting a LTSP server whith CentOS 4.4. The default desktop will be Gnome. I'm looking for lockdown tool and I think Pessulus maybe a good option, but I don't found it with yum. ?Is Pessulus included in CentOS? ?Another lockdown tools as alternatives? Thanks in advance. -- Jordi Espasa Clofent PGP id 0xC5ABA76A #http://pgp.mit.edu/ FSF Associate Member id 4281
2002 Nov 18
3
[Bug 438] SFTP does not work for users with RSH shells
http://bugzilla.mindrot.org/show_bug.cgi?id=438 ------- Additional Comments From mouring at eviladmin.org 2002-11-19 05:46 ------- if the user logs in and types /path/to/sftp-server does he/she get an error? If rsh is impeeding running the command then it is a rsh issue and not a sftp issue. - Ben ------- You are receiving this mail because: ------- You are the assignee for the bug, or
2011 Feb 02
9
[Bug 1852] New: Jail Root SCP not workling
https://bugzilla.mindrot.org/show_bug.cgi?id=1852 Summary: Jail Root SCP not workling Product: Portable OpenSSH Version: 5.1p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: scp AssignedTo: unassigned-bugs at mindrot.org ReportedBy: fr.fr at vr-web.de
2008 May 28
2
Feature request
The sshd server has what I think is a serious flaw. There appears to be no way to turn off remote command execution. (someone please correct me if I am wrong). We have a server which uses a chroot jail, and rbash to severely limit what users can do on our system. The remote command bypasses all of that. ie. ssh user at host cat /etc/passwd will display the password file for the live system
2006 Dec 19
3
/etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Hi *, I recently triggered an error when setting up a jail-host: I configured the jail(s) like evry jail I set up in the past: On the jail-hosts /etc/rc.conf: # ---- Jail-Globals ---- jail_enable="YES" # Set to NO to disable starting of any jails jail_list="ftp mx1 relay" # Space separated list of names of jails
2006 Apr 13
1
Prototyping for basejail distribuition
Hi, I attach 2 files in this email, the first is a Makefile and the second is jail.conf. For demonstre my idea i resolved create one "Pseudo Prototyping", for test is necessary: 1 - Create dir /usr/local/basejail 2 - Copy Makefile to /usr/local/basejail 3 - Copy jail.conf to /etc 4 - The initial basejail is precompiled is distributed in CD1, for simular basejail is necessary a
2003 Sep 10
2
jail + postgresql + System V IPC
HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not