Displaying 20 results from an estimated 700 matches similar to: "Disabling specific commands in sftp"
2015 May 02
2
sftp chroot requirements
Hi Damien,
Thank you. I read the rationale.
Just to summarize, a user writeable chroot target is considered
dangerous if:
1) the user has another way of gaining non-chrooted access to the system
2) is able to create hardlinks to setuid-binaries outside of the chroot tree
3) there are bugs somewhere that allow privilige escalation or remote
execution of other programs
While all these
2019 Jan 23
3
Status of SCP vulnerability
I worked on a proposal like this a few years back (including proof of
concept code).? I taught sftp to have an scp personality (closer to scp2
than scp), and it was rejected by the higher ups.? It may have been the
dual-personality issue, but I know the scp2 concept was also rejected at
the time as it was stated there should be one transfer tool.
But the only way to drag scp into this century
2019 Jul 15
7
Feature request: allow chrooted directory writable by others
Hello, I am trying to setup a file server using the SFTP protocol with OpenSSH.
I am in trouble because sshd refuses to chroot to a directory that is
writable by users other than the owner. I guess that this is to
prevent someone else from creating a .ssh/authorized_keys file and
impersonate the user. But we have configured an alternative
AuthorizedKeysFile. I also understand that a chroot user
2017 Sep 01
3
sftp/scp only without real users
Hi,
my goal: sftp/scp only access, without the need for linux users.
I want to provide 10 sftp/scp directories to 10 people. Let's call this
"virtual account"
I don't want to create linux users for each of them.
I would like to create one linux user (backup_user). In his
home-directory will be 10 directories. For each "virtual account" one
directory.
Every
2004 Oct 23
1
rssh: pizzacode security alert
PIZZACODE SECURITY ALERT
program: rssh
risk: low[*]
problem: string format vulnerability in log.c
details:
rssh is a restricted shell for use with OpenSSH, allowing only scp
and/or sftp. For example, if you have a server which you only want to
allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that. Additioanlly, running rsync,
rdist, and cvs are
2005 Dec 30
5
rssh: root privilege escalation flaw
Affected Software: rssh - all versions prior to 2.3.0
Vulnerability: local user privilege escalation
Severity: *CRITICAL*
Impact: local users can gain root access
Solution: Please upgrade to v2.3.1
Summary
-------
rssh is a restricted shell which allows a system administrator to
limit users' access to a system via SSH to scp, sftp, rsync, rdist,
and cvs. It also allows the system
2008 Oct 05
4
Why is -e sent to the remote rsync side?
> $ rsync -e 'ssh -v' lingnu.com:
> OpenSSH_5.1p1 Debian-2, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to lingnu.com [199.203.56.105] port 22.
> debug1: Connection established.
...
> debug1: Sending command: rsync --server --sender -de.L .
As we can see, rsync runs ssh, and
2008 Mar 08
1
rsync 3.0 and rssh
Since rsync 3.0 i've detected a problem with rssh and -e option....rssh
doesn't allow this option...but is essential to me (cyphered transmission
with ssh).
Surfing the net i've seen a guy that made a patch but I don't know how
reliable is...and rssh former programer says he just left the project so
it's no longer his problem.
Is this stuff going to be updated in rsync or is
2008 Nov 03
3
Rsync from a third host?
Hello everyone,
If I have three computers (Host-A, Host-B and Host-C) .... is it possible to
execute Rsync from Host-A and use the rsync daemon via SSH on Host-B as the
source and the rsync daemon via SSH on host-C as the destination?
Thank you in advance for your help.
Kevin
--
View this message in context: http://www.nabble.com/Rsync-from-a-third-host--tp20297112p20297112.html
Sent from the
2006 Nov 03
5
ANOVA in Randomized-complete blocks design
Dear all,
I am trying to repeat an example from Sokal and Rohlfs "Biometry" --
Box 11.4, example of a randomized-complete-blocks experiment.
The data is fairly simple:
series genotype weight
1 pp 0.958
1 pb 0.985
1 bb 0.925
2 pp 0.971
2 pb 1.051
2 bb 0.952
3 pp 0.927
3 pb 0.891
3 bb 0.892
4
2013 Sep 24
2
Protocol negotiation issue in rsync
I was trying to use rsync to send files to a fileserver using an rssh
restricted server.
It refuses, saying that trying to override the shell with -e is forbidden. I
didn't type "-e".
When I look at the source, I see
/* Checking the pre-negotiated value allows --protocol=29 override. */
if (protocol_version >= 30) {
/* We make use of the -e
2002 Apr 15
1
nested anova not giving expected results
Hello all. This may be a trivially simple question to answer, but I'm a little
bit stumped with respect to the calculation of the F statistics in nested
anovas in R. If I understand correctly, the F statistic for the
among-subgroups but within groups hypothesis is calculated as
MS_subgroups/MS_error, while the F statistic for the factor is calculated as
MS_factor/MS_subgroups (I'm
2007 Sep 05
3
Chrooting SFTP over SSH2
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over
SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page
dated 2005, but what's the 'best' or 'correct' way to set this up for Centos
4.5 and 5?
Thanks
2005 Nov 17
1
Mean survival times
Dear list,
I have data on insect survival in different cages; these have the
following structure:
deathtime status id cage S F G L S
1.5 1 1 C1 8 2 1 1 1
1.5 1 2 C1 8 2 1 1 1
11.5 1 3 C1 8 2 1 1 1
11.5 1 4 C1 8 2 1 1 1
There are 81 cages and
2009 Sep 23
1
re peated measures
Hi,
I am performing a repeated measures 2-way ANOVA to assess the influence of
plant and leaf on aphid fecundity. Fecundity is measured for each aphid on a
single leaf.
Here is what I typed.
wingless <- reshape(Wingless,
varying =
2008 Jan 26
2
Error: C stack usage is too close to the limit
Lately R has been behaving strange on my Linux (Ubuntu 7.10) machine,
with occasional segfaults. Today something else and reproducible
happened:
If I type the code below (meant for calibrating data), I get the error
message that "the C stack usage is too close to the limit".
calcurve <- cbind(1:2e4, 1:2e4, 1:2e3); #dummy curve, real one is more complex
caldist <-
2003 Jul 28
3
data manipulation: getting mean value every 5 rows
Dear All,
I would like to ask you how to accomplish a little tricky data
manipulation. I have a large dataset, looking something like:
temp line cage number
18 18 1 6678.63
18 18 1 7774.458
18 18 1 7845.902
18 18 1 9483.578
18 18 1 8983.555
18 18 1 9181.052
18 18 1 9458.696
18 18 1 8138.616
18 18 1 7981.994
18 18 1 7556.491
18 18 1 7672.137
18 18 1 6607.776
18 18 1 8383.65
18 18 1 7129.852
18 18
2004 Nov 23
2
Convergence problem in GLMM
Dear list members,
In re-running with GLMM() from the lme4 package a generalized-linear mixed
model that I had previously fit with glmmPQL() from MASS, I'm getting a
warning of a convergence failure, even when I set the method argument of
GLMM() to "PQL":
> bang.mod.1 <- glmmPQL(contraception ~ as.factor(children) + cage + urban,
+ random=~as.factor(children) + cage +
2012 Feb 07
3
Suggestion for openssh
Hi!
I do not know if it's the ideal place, but I'm sending some suggestion.
Always use openssh and its enormous features.
- I needed to create an environment with only sftp access and thus used:
- Match User suporte
ForceCommand / usr / lib / openssh / sftp-server
OK! It worked perfectly! But only sftp.
- Create an environment with only blocking the ssh, but scp and
2008 Jun 07
2
Chroot'ed SSH
Hi,
Is anyone chrooting users that connect through SSH?
I looked for it on Google and I basically saw several methods:
- OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that
probably could be rebuilt under CentOS 5)
- There seem to be several patches for OpenSSH 4.x to do the chroot,
the most popular seems to be http://chrootssh.sf.net/
- There appears to be a pam_chroot
- There are