similar to: Disabling specific commands in sftp

Hi Damien, Thank you. I read the rationale. Just to summarize, a user writeable chroot target is considered dangerous if: 1) the user has another way of gaining non-chrooted access to the system 2) is able to create hardlinks to setuid-binaries outside of the chroot tree 3) there are bugs somewhere that allow privilige escalation or remote execution of other programs While all these

I worked on a proposal like this a few years back (including proof of concept code).? I taught sftp to have an scp personality (closer to scp2 than scp), and it was rejected by the higher ups.? It may have been the dual-personality issue, but I know the scp2 concept was also rejected at the time as it was stated there should be one transfer tool. But the only way to drag scp into this century

Hello, I am trying to setup a file server using the SFTP protocol with OpenSSH. I am in trouble because sshd refuses to chroot to a directory that is writable by users other than the owner. I guess that this is to prevent someone else from creating a .ssh/authorized_keys file and impersonate the user. But we have configured an alternative AuthorizedKeysFile. I also understand that a chroot user

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

PIZZACODE SECURITY ALERT program: rssh risk: low[*] problem: string format vulnerability in log.c details: rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. Additioanlly, running rsync, rdist, and cvs are

Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: *CRITICAL* Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access to a system via SSH to scp, sftp, rsync, rdist, and cvs. It also allows the system

> $ rsync -e 'ssh -v' lingnu.com: > OpenSSH_5.1p1 Debian-2, OpenSSL 0.9.8g 19 Oct 2007 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to lingnu.com [199.203.56.105] port 22. > debug1: Connection established. ... > debug1: Sending command: rsync --server --sender -de.L . As we can see, rsync runs ssh, and

Since rsync 3.0 i've detected a problem with rssh and -e option....rssh doesn't allow this option...but is essential to me (cyphered transmission with ssh). Surfing the net i've seen a guy that made a patch but I don't know how reliable is...and rssh former programer says he just left the project so it's no longer his problem. Is this stuff going to be updated in rsync or is

Hello everyone, If I have three computers (Host-A, Host-B and Host-C) .... is it possible to execute Rsync from Host-A and use the rsync daemon via SSH on Host-B as the source and the rsync daemon via SSH on host-C as the destination? Thank you in advance for your help. Kevin -- View this message in context: http://www.nabble.com/Rsync-from-a-third-host--tp20297112p20297112.html Sent from the

Dear all, I am trying to repeat an example from Sokal and Rohlfs "Biometry" -- Box 11.4, example of a randomized-complete-blocks experiment. The data is fairly simple: series genotype weight 1 pp 0.958 1 pb 0.985 1 bb 0.925 2 pp 0.971 2 pb 1.051 2 bb 0.952 3 pp 0.927 3 pb 0.891 3 bb 0.892 4

I was trying to use rsync to send files to a fileserver using an rssh restricted server. It refuses, saying that trying to override the shell with -e is forbidden. I didn't type "-e". When I look at the source, I see /* Checking the pre-negotiated value allows --protocol=29 override. */ if (protocol_version >= 30) { /* We make use of the -e

Hello all. This may be a trivially simple question to answer, but I'm a little bit stumped with respect to the calculation of the F statistics in nested anovas in R. If I understand correctly, the F statistic for the among-subgroups but within groups hypothesis is calculated as MS_subgroups/MS_error, while the F statistic for the factor is calculated as MS_factor/MS_subgroups (I'm

Hi, As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5? Thanks

Dear list, I have data on insect survival in different cages; these have the following structure: deathtime status id cage S F G L S 1.5 1 1 C1 8 2 1 1 1 1.5 1 2 C1 8 2 1 1 1 11.5 1 3 C1 8 2 1 1 1 11.5 1 4 C1 8 2 1 1 1 There are 81 cages and

Hi, I am performing a repeated measures 2-way ANOVA to assess the influence of plant and leaf on aphid fecundity. Fecundity is measured for each aphid on a single leaf. Here is what I typed. wingless <- reshape(Wingless, varying =

Lately R has been behaving strange on my Linux (Ubuntu 7.10) machine, with occasional segfaults. Today something else and reproducible happened: If I type the code below (meant for calibrating data), I get the error message that "the C stack usage is too close to the limit". calcurve <- cbind(1:2e4, 1:2e4, 1:2e3); #dummy curve, real one is more complex caldist <-

Dear All, I would like to ask you how to accomplish a little tricky data manipulation. I have a large dataset, looking something like: temp line cage number 18 18 1 6678.63 18 18 1 7774.458 18 18 1 7845.902 18 18 1 9483.578 18 18 1 8983.555 18 18 1 9181.052 18 18 1 9458.696 18 18 1 8138.616 18 18 1 7981.994 18 18 1 7556.491 18 18 1 7672.137 18 18 1 6607.776 18 18 1 8383.65 18 18 1 7129.852 18 18

Dear list members, In re-running with GLMM() from the lme4 package a generalized-linear mixed model that I had previously fit with glmmPQL() from MASS, I'm getting a warning of a convergence failure, even when I set the method argument of GLMM() to "PQL": > bang.mod.1 <- glmmPQL(contraception ~ as.factor(children) + cage + urban, + random=~as.factor(children) + cage +

Hi! I do not know if it's the ideal place, but I'm sending some suggestion. Always use openssh and its enormous features. - I needed to create an environment with only sftp access and thus used: - Match User suporte ForceCommand / usr / lib / openssh / sftp-server OK! It worked perfectly! But only sftp. - Create an environment with only blocking the ssh, but scp and

Hi, Is anyone chrooting users that connect through SSH? I looked for it on Google and I basically saw several methods: - OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that probably could be rebuilt under CentOS 5) - There seem to be several patches for OpenSSH 4.x to do the chroot, the most popular seems to be http://chrootssh.sf.net/ - There appears to be a pam_chroot - There are