similar to: openssh-unix-dev Digest, Vol 59, Issue 12

> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote: > > > >> As I understand the "ForceCommand" in the sshd_confing file is meant to > >> ignore any command supplied by the client, but if user's home is shared > >> by server and client machines over network (ex. NFS) then user can > >> still put something else into ~/.ssh/rc file and

Hi, As I understand the "ForceCommand" in the sshd_confing file is meant to ignore any command supplied by the client, but if user's home is shared by server and client machines over network (ex. NFS) then user can still put something else into ~/.ssh/rc file and overcome this limitation. Is it possible to disable execution of the ~/.ssh/rc file in such a case? Thaks, Mike

Is there a OpenSSH server version for Windows 2003 Server? The only OpenSSH server for Windows I found is version v3.8.1p1-1. However, this is ONLY supported on Windows NT. Is there any other openware SSH Server for Windows 2003 Server?

Hi. I have a client machine using ssh as root via key authorization to a server. The client uses rsync to send backup data to the server. I use ForceCommand to allow only this activity when using key authorization. But I also want to be able to ssh as root with a required password to do whatever I like. So I thought that in addition to root, I'd make a rootback account:

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

Hi all, At my organisation we have an LDAP infrastructure built on OpenLDAP, between Unix boxes running OpenSSH at multiple sites. It works well but the SSH key management is something of an inconvenience, especially as we would like to implement SSO with ssh-agent and passphrased keys. There is an OpenSSH patch called LPK which can allow the authorized_keys to be stored in LDAP, and that

Hi, many people are having problems using SFTP with ChrootDirectory when the jail directory (or the path above) is not owned by root. The question is if chroot'ing to usual home directories can be allowed, even though they are owned by regular users. I know that this topic has been discussed on the list several times now, so I searched the list archives for posts that invalidate the

On 12/03/2014 01:37:58 PM, Kevin Korb wrote: > As far as a backup provider goes I wouldn't expect them to use rsync > over SSL unless that were built into rsync in the future (and has > been > around long enough that most users would have it). > > I would expect them to either use rsync over ssh secured by rrsync or > rsyncd over ssh with them managing the rsyncd.conf

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp

Hello List. ? i?m trying to setup a limited SSH server with SFTP. The requirements: -????????? There are users to whom only SFTP should be available. (sftp-only group) -????????? There are users to whom SFTP and shell access should be available (admin group) -????????? SFTP clients have to authenticate with username and password -????????? shell users have to authenticate with private key.

On Sat, 11 Nov 2023, Bob Proulx wrote: > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. > >

Hello, I have script that I run remotely on a server, using ssh config with a 'command' call in the authorized keys file. I can successfully run this from one of my servers, but when I try from 2 other machines, I receive a Host Key Verification Failed error. When I remove the 'command' from the call from authorized keys on the remote server, I can successfully connect to the

Real networks use either PREC (as it maps 1:1 to 802.1p and MPLS TC) or DSCP. Interactive SSH uses PREC 0x0, which is just best-effort and DSCP 0x4 which has no standard meaning (found network where DSCP 0x4 was dropped, completely, as it didn't hit any defined/allowed QoS class, obviously misconfig, BE class should eat anything not already defined) Should interactive use TOS value which has

Dear All: I was wondering if it might at all be possible to have the following functionality in OpenSSH: (i) upon "timeout" of connection (say 2-5 seconds) disconnect (ii) keep trying to reconnect (iii) upon reconnection, resume session exactly where started I realize GNU screen solves (iii), although I am interested in a slightly different purpose (nxssh vs openssh). However, I am

Hi All First of all apologize for my bad English ? it is not my native language. I'm using ssh for my everyday work. And I have noticed strange behaviour in sshd daemon. In sshd_config file there is option ForceCommand, and if I'm making sftp connection it look like command is also executed, I receive error message and connection is lost. In my opinion ForceCommand should not be

Hello List, I'am using the ForceCommand in my sshd configuration to log all the user actions on my device. ForceCommand /usr/bin/log-session.sh The Log Session Script itself is working fine for logging. But now I want also use SCP to copy files and this won't work together with the ForceCommand above. The copied file is created but its zero byte on the target. scp file.tar.gz

https://bugzilla.mindrot.org/show_bug.cgi?id=1527 Summary: ForceCommand internal-sftp needs a way to enable logging Product: Portable OpenSSH Version: 5.1p1 Platform: Itanium2 OS/Version: HP-UX Status: NEW Severity: minor Priority: P4 Component: sftp-server AssignedTo:

> The benefit of rsync over ssh secured by rrsync is that it is more > like what rsync users are already used to. i don`t like rsync over ssh in an environemt with users you can?t trust. from a security perspective, i think such setup is broken by design. it`s a little bit like giving a foreigner the key to your front door and then hope that the door in the corridor to your room will be

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

https://bugzilla.mindrot.org/show_bug.cgi?id=2281 Bug ID: 2281 Summary: sshd accepts empty arguments in ForceCommand and VersionAddendum Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd