Displaying 20 results from an estimated 200 matches similar to: "[semi-OT] rssh"
2005 Jan 15
0
rssh and scponly arbitrary command execution
I just released rssh version 2.2.3 to fix the problem detailed below.
I haven't had time to update my website yet, and my Internet acess is
quite limited these days (hence the terse announcement), so I probably
won't get to that for a while. However, rssh 2.2.3 is available from
the sourceforge.net site:
http://sourceforge.net/projects/rssh
All users of rssh should update to the
2003 Jul 07
0
[semi-OT] rssh FINAL RELEASE! Well, hopefully.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm pleased to announce that rssh now has per-user configurations!
Today I released rssh v2.1.0 with that last peice of functionality to
be added, bringing active development of rssh to a close.
Additionally, I spent several hours testing and debugging this release
as thoroughly as I could think to, and I'm pleased to report (tongue
in cheek)
2004 Jun 19
0
security flaw in rssh
rssh is a small shell whose purpose is to restrict users to using scp
or sftp, and also provides the facilities to place users in a chroot
jail. It can also be used to lock users out of a system completely.
William F. McCaw identified a minor security flaw in rssh when used
with chroot jails.
There is a bug in rssh 2.0 - 2.1.x which allows a user to gather
information outside of a chrooted jail
2004 Oct 23
1
rssh: pizzacode security alert
PIZZACODE SECURITY ALERT
program: rssh
risk: low[*]
problem: string format vulnerability in log.c
details:
rssh is a restricted shell for use with OpenSSH, allowing only scp
and/or sftp. For example, if you have a server which you only want to
allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that. Additioanlly, running rsync,
rdist, and cvs are
2003 Jan 02
0
rssh 1.0.4 released
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
Today I released rssh 1.0.4. rssh is a small replacement shell that
provides the ability for system administrators to give specific users
access to a given system via scp or sftp only.
For downloads or more information, visit the rssh homepage:
http://www.pizzashack.org/rssh
This release fixes a stupid bug caused by a failure to
2004 Dec 03
1
[BUGTRAQ] rssh and scponly arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[This came over BUGTRAQ this morning. Note the call for volunteers
vis-a-vis rssh.]
- ----- Forwarded message from Jason Wies <jason at xc.net> -----
List-Id: <bugtraq.list-id.securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com>
To: bugtraq at securityfocus.com
Cc: rssh-discuss at
2005 Dec 30
5
rssh: root privilege escalation flaw
Affected Software: rssh - all versions prior to 2.3.0
Vulnerability: local user privilege escalation
Severity: *CRITICAL*
Impact: local users can gain root access
Solution: Please upgrade to v2.3.1
Summary
-------
rssh is a restricted shell which allows a system administrator to
limit users' access to a system via SSH to scp, sftp, rsync, rdist,
and cvs. It also allows the system
2008 Oct 05
4
Why is -e sent to the remote rsync side?
> $ rsync -e 'ssh -v' lingnu.com:
> OpenSSH_5.1p1 Debian-2, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to lingnu.com [199.203.56.105] port 22.
> debug1: Connection established.
...
> debug1: Sending command: rsync --server --sender -de.L .
As we can see, rsync runs ssh, and
2008 Mar 08
1
rsync 3.0 and rssh
Since rsync 3.0 i've detected a problem with rssh and -e option....rssh
doesn't allow this option...but is essential to me (cyphered transmission
with ssh).
Surfing the net i've seen a guy that made a patch but I don't know how
reliable is...and rssh former programer says he just left the project so
it's no longer his problem.
Is this stuff going to be updated in rsync or is
2003 Jan 03
0
[patch] chroot support for openssh-3.5p1
Good Morning All,
Attached is a full patch [or so I hope] enabling chroot support for sshd. I know varied opinions about chroot exist
among the masses; however, I continue to believe that until something far outside the scope of openssh tackles the
sandbox issue, the role of enforcer will continue to be with the daemon.
This patch is based on a previous work by John Furman as well as Eric
2011 Mar 27
1
rssh / scponly
List,
I am putting together a sftp server and would like to use a restrictive
shell with a chroot jail. I was wondering what members of the list
thought about rssh as opposed to scponly.
Greg Ennis
2006 Jun 24
1
[PATCH] sftp-server Restricted Access
Hello,
This patch makes it possible to restrict sftp sessions to a certain
subtree of the file system on a per-Unix account basis. It requires a
program such as rssh or scponly to function. A patch for rssh is also
attached to this email.
The method employed uses realpath() and a string comparison to check
that each file or directory access is allowed.
With this patch, sftp-server takes a
2005 Aug 04
0
Patch to selectively override a user's shell
Hello,
I don't know if this is of anybody's interest here, but I have
written a patch to selectively override a user's shell dependent of
the username.
The reason behind this is, that at the high performance cluster I
work at, we would like that normal users are only permitted to use
scp and sftp (and thus a shell like rssh) on our master nodes, but
should retain their
2003 Aug 16
0
sftp-server (secure) chroot patch?
Hello,
I know this chroot issue has been brought up many times before on this list. I saw that the contribibuted chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course was that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isnt in the src) but I believe a lot of users
2012 Feb 07
3
Suggestion for openssh
Hi!
I do not know if it's the ideal place, but I'm sending some suggestion.
Always use openssh and its enormous features.
- I needed to create an environment with only sftp access and thus used:
- Match User suporte
ForceCommand / usr / lib / openssh / sftp-server
OK! It worked perfectly! But only sftp.
- Create an environment with only blocking the ssh, but scp and
2023 Dec 08
2
Non-shell accounts and scp/sftp
On Fri, 8 Dec 2023 at 07:39, Philip Prindeville
<philipp_subx at redfish-solutions.com> wrote:
[...]
> Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break.
> Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts?
sftp should work regardless of the user's shell since it is invoked as
a ssh subsystem
2013 Sep 24
2
Protocol negotiation issue in rsync
I was trying to use rsync to send files to a fileserver using an rssh
restricted server.
It refuses, saying that trying to override the shell with -e is forbidden. I
didn't type "-e".
When I look at the source, I see
/* Checking the pre-negotiated value allows --protocol=29 override. */
if (protocol_version >= 30) {
/* We make use of the -e
2007 Sep 05
3
Chrooting SFTP over SSH2
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over
SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page
dated 2005, but what's the 'best' or 'correct' way to set this up for Centos
4.5 and 5?
Thanks
2016 Sep 02
0
CentOS Digest, Vol 140, Issue 1
On Thu, Sep 1, 2016 at 5:30 PM, <centos-request at centos.org> wrote:
> Send CentOS mailing list submissions to
> centos at centos.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.centos.org/mailman/listinfo/centos
> or, via email, send a message with subject or body 'help' to
> centos-request at
2017 Feb 10
4
Disabling specific commands in sftp
Hi,
On CentOS 7 I?m trying to set up a chrooted SFTP server on which specific users can only read and write on specific folder. And I?d like to disable some commands, so the users can only do ?cd?, ?ls?, ?get? and ?put? (and disabling ?chgrp?, ?chmod?, ?chown?, ?df? etc ?). Is there a way to achieve it, natively or with using a third-party software ?
Alexandre MALDEME
Analyste d'exploitation