
Talk:SSH, limiting to SCP or Rsync only

From FreeBSDwiki
Latest revision as of 09:38, 16 January 2010


just btw

# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly
scpsftprsynconly.c: In function ‘main’:
scpsftprsynconly.c:48: error: expected ‘)’ at end of input
scpsftprsynconly.c:48: error: expected declaration or statement at end of input
# 


Tried running this on a CentOS box and this is what I'm getting. dubl-U Tee Eff Mmm8.

--Dave 12:25, 22 October 2007 (EDT)

just guessing, really

since I don't know shit, but I added a } before the #ifdef DEBUG section and now I'm getting:

[root@web ~]# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly
scpsftprsynconly.c:45: error: expected identifier or ‘(’ before ‘if’
scpsftprsynconly.c:49: error: expected identifier or ‘(’ before ‘if’
[root@web ~]# 

which is in the first lines of

        if (argc < 3) {
               printf (restrictmsg);
               return 1;
        }
       if ((strncmp (argv [2], "scp ", 4) != 0)

wha?

--Dave 13:41, 22 October 2007 (EDT)

somebody oopsed on a kill-the-spam edit

The problem you were having was that a good samaritan who manually edited the article to remove spam accidentally damaged the code a while back. I looked through history on the article and reverted to prior to the damage. --Jimbo 15:20, 22 October 2007 (EDT)

Security aspect

You should probably not rely on scpsftprsynconly to PREVENT users from executing programs on your machine,

./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd' 

Will execute the givemeshell command with some obscure arguments. To get a shell with this in place, upload a script/program that reverse connects or what you want then just:

ssh foo@barhost "scp -S echo asd asd:asd"

Probably should mention this in the article..

--Ice 04:51, 4 November 2007 (EST)
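
A stricter check than the `strncmp (argv [2], "scp ", 4)` prefix test quoted earlier on this page, shown as an added example that is not the article's code or any poster's: it accepts only the server-side forms an scp client requests, so the `-S` commands from the comment above are refused. It assumes the wrapper receives the requested command as one string, as in `argv[2]`; the function name and the metacharacter policy are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the wiki article. Returns 1 only for the
 * server-side forms an scp client requests over ssh:
 *   scp [-v] [-r] [-p] [-d] (-t|-f) [--] <path>
 * Everything else, including -S <program> and -o <option>, is refused. */
int scp_cmd_allowed(const char *cmd)
{
    char buf[1024], *tok;
    int mode = 0, paths = 0, end_opts = 0;
    if (strlen(cmd) >= sizeof buf)
        return 0;
    /* Policy assumption: refuse shell metacharacters and quoting outright. */
    if (strpbrk(cmd, ";&|`$()<>\\\"'\n\r\t*?[]{}~!#") != NULL)
        return 0;
    strcpy(buf, cmd);

    tok = strtok(buf, " ");               /* single-threaded wrapper */
    if (tok == NULL || strcmp(tok, "scp") != 0)
        return 0;                         /* exact match, not a prefix */

    while ((tok = strtok(NULL, " ")) != NULL) {
        if (mode == 0) {                  /* before -t / -f */
            if (!strcmp(tok, "-t") || !strcmp(tok, "-f"))
                mode = tok[1];
            else if (strcmp(tok, "-v") && strcmp(tok, "-r") &&
                     strcmp(tok, "-p") && strcmp(tok, "-d"))
                return 0;                 /* -S, -o, or anything unknown */
        } else if (!end_opts && paths == 0 && !strcmp(tok, "--")) {
            end_opts = 1;                 /* what follows is a path */
        } else if (tok[0] == '-' && !end_opts) {
            return 0;                     /* option after the mode flag */
        } else {
            paths++;
        }
    }
    return mode != 0 && paths == 1;       /* exactly one path operand */
}

int main(void)
{
    /* Constructed sample inputs; the first is the command from the post. */
    const char *s[] = { "scp -S givemeshell asd asd:asd", "scp -t /tmp",
                        "scp -r -p -f -- -odd", "scp -t /tmp; sh" };
    for (int i = 0; i < 4; i++)
        printf("%-34s %s\n", s[i], scp_cmd_allowed(s[i]) ? "allow" : "deny");
    return 0;
}
```

A wrapper using a check like this should also exec scp directly with the parsed arguments instead of handing the original string to a shell.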
