Displaying 20 results from an estimated 5000 matches similar to: "chroot-ing users coming in via SSH and/or SFTP?"
2004 May 17
4
Multi-User Security
Hello list.
I would like to get your opinion on what is a safe multi-user environment.
The scenario:
We would like to offer to some customers of ours some sort of network
backup/archive. They would put daily or weekly backups from their local
machine on our server using rsync and SSH. Therefore, they all have a user
account on our server. However, we must ensure that they would absolutely
not be
2017 Oct 24
3
scp setup jailed chroot on Centos7
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner
Sent: Saturday, 21 October 2017 00:41
To: CentOS mailing list
Subject: Re: [CentOS] scp setup jailed chroot on Centos7
> On 20.10.2017 at 15:58, Adrian Jenzer <a.jenzer at herzogdemeuron.com> wrote:
>
> Dear all
>
> I'm looking for instructions on how to setup a
2007 Sep 05
3
Chrooting SFTP over SSH2
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over
SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page
dated 2005, but what's the 'best' or 'correct' way to set this up for Centos
4.5 and 5?
Thanks
2011 Mar 27
1
rssh / scponly
List,
I am putting together a sftp server and would like to use a restrictive
shell with a chroot jail. I was wondering what members of the list
thought about rssh as opposed to scponly.
Greg Ennis
2004 Nov 09
2
Firewall rules that discriminate by connection duration
I'm interested in crafting firewall rules that throttle connections
that have lasted more than a certain amount of time. (Most such
connections are P2P traffic, which should be given a lower priority
than other connections and may constitute network abuse.) Alas, it
doesn't appear that FreeBSD's IPFW can keep tabs on how long a
connection has been established. Is there another firewall
2012 Nov 02
6
FreeBSD 9.1 stability/robustness?
I need to build up a few servers and routers, and am wondering how
FreeBSD 9.1 is shaping up. Will it be likely to be more stable and
robust than 9.0-RELEASE? Are there issues that will have to wait
until 9.2-RELEASE to be fixed? Opinions welcome.
--Brett Glass
2017 Oct 24
1
[OT]: scp setup jailed chroot on Centos7
[Sorry about "top posting": my OT question arises from the subject..]
Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD
jails, and as I run CentOS and some other Linuxes for quite some time I
was under impression that there is no such thing as jail under Linux [at
least those flavors I run]. Under Linux I did use in a variety of places
chrooted
2008 May 27
4
freebsd and snort
Hello all:
I tried to install snort under /usr/ports/security and have some problems. With "make all", I checked every item on the menu but I got error messages:
//////////////////////////////
laptop# make all
===> snort-2.8.1_1 is marked as broken: FLEXRESP2 patch file does not incorporate cleanly.
*** Error code 1
Stop in /usr/ports/security/snort.
2003 Oct 27
3
How to disable XFree86 and wdm listening ports
Hello,
what is the right way to disable XFree86 and wdm listening
ports tcp 6000 and tcp 1024.
I read in man XFree86 about the -nolisten tcp option
and tried to set in /usr/X11R6/lib/X11/xdm
:0 local /usr/X11R6/bin/X -nolisten tcp
but it was not successful.
What is the right way to close the ports without use of IPFW?
Your help would be appreciated.
Thanks
Wolfgang
2005 Apr 12
2
Will 5.4 be an "Extended Life" release?
In the next month or two I've got to upgrade a number of servers that
are currently on an EOL'd version of 4-STABLE. I foresee that I'll
have very limited time to do full OS upgrades on these systems in the
coming several years, so I want to make sure I bring them onto an
extended-life branch.
Right now 4.11 has the furthest projected EOL date (Jan 31 2007), and
the projected EOL
2004 Feb 06
2
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Hey Guys,
today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default
accept in my kernel config file.
Config & make weren't complaining so, installed the kernel, reboot and there
it was:
>IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging disabled
Another rebuild didn't work out so... I reviewed
2004 May 14
2
Fwd: [ISN] Voice Over IP Can Be Vulnerable To Hackers, Too
Hope this isn't too far OT, but it's relevant to us. From isn.attrition.org
>http://www.informationweek.com/story/showArticle.jhtml?articleID=20300851
>
>By W. David Gardner
>TechWeb News
>May 13, 2004
>
>As voice over IP sweeps across the high-tech landscape, many IT
>managers are being lulled into a dangerous complacency because they
>look upon Internet phoning
2015 Feb 27
4
Back with my UID problems
On Fri, 27 Feb 2015 00:18:24 +0000
Rowland Penny <rowlandpenny at googlemail.com> wrote:
> 34, you are seriously using 34 for a standard user id number ? You
> shouldn't use anything below 1000 for a normal user, these low
> numbers are reserved for system use and you have run into a problem
> that can only be fixed by not using such low numbers. The 3000014
> number is
2009 Jun 24
1
[Bug 1235] [PATCH] scp does unnecessary getpwuid(), breaking chroot
https://bugzilla.mindrot.org/show_bug.cgi?id=1235
donkishoot at wanadoo.fr changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |donkishoot at wanadoo.fr
--- Comment #5 from donkishoot at wanadoo.fr 2009-06-24 23:41:20 ---
I have a bug that I think is
2005 Oct 02
11
Repeated attacks via SSH
Everyone:
We're starting to see a rash of password guessing attacks via SSH
on all of our exposed BSD servers which are running an SSH daemon.
They're coming from multiple addresses, which makes us suspect that
they're being carried out by a network of "bots" rather than a single attacker.
But wait... there's more. The interesting thing about these attacks
is that
2009 Aug 07
7
DO NOT REPLY [Bug 1890] TLS for rsync protocol
https://bugzilla.samba.org/show_bug.cgi?id=1890
devzero at web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |devzero at web.de
------- Comment #3 from devzero at web.de 2009-08-07 05:11 CST -------
wouldn't it be better to give up on that effort
2003 Dec 10
4
s/key authentication for Apache on FreeBSD?
I'm constructing a Web server which may require restricted areas
of the site to be used from public places where a password might
be sniffed. The damage that could be done by taking snapshots of
the content from one session with a spy program is minimal. What
the owner of the server does NOT want, though, is to allow unauthorized
parties to gain unfettered access by stealing the password via
2004 Nov 29
4
"non-visible" functions in return to methods()
Please point me to the documentation explaining why some of the functions
returned
by calling methods() are marked as "non-visible" and whether there is indeed
no way of
viewing the R code of such functions
thanks
Steve
2004 Mar 03
1
FreeBSD ipsec and NAT
Hi All,
I currently have setup a site to site vpn using racoon on my freebsd
firewall. All is well there and I can connect through the vpn when I am
on the firewall and get the connection fine.
Now I want to be able to connect from other machines through the
firewall - this is where I come unstuck, the ipsec policy allows for my
external address range to connect through the vpn, but then I would
2009 Jul 08
1
rumours of openssh vulnerability
Hi all,
There are rumours flying around about a supposed vulnerability in OpenSSH. Two
details which I've seen mentioned many times are
(a) that this exploit was used to break into a RedHat system running OpenSSH 4.3
plus backported security patches, and
(b) that "recent" versions of OpenSSH are not affected;
but it's not clear if there is any basis for these rumours.
Given