Talk:SSH, limiting to SCP or Rsync only
(6 intermediate revisions by 3 users not shown) | |||
Line 10: | Line 10: | ||
--[[User:Dave|Dave]] 12:25, 22 October 2007 (EDT) | --[[User:Dave|Dave]] 12:25, 22 October 2007 (EDT) | ||
+ | |||
+ | == just guessing, really == | ||
+ | |||
+ | since I don't know shit, but I added a } before the #ifdef DEBUG section and now I'm getting: | ||
+ | |||
+ | [root@web ~]# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly | ||
+ | scpsftprsynconly.c:45: error: expected identifier or ‘(’ before ‘if’ | ||
+ | scpsftprsynconly.c:49: error: expected identifier or ‘(’ before ‘if’ | ||
+ | [root@web ~]# | ||
+ | |||
+ | which is in the first lines of | ||
+ | if (argc < 3) { | ||
+ | printf (restrictmsg); | ||
+ | return 1; | ||
+ | } | ||
+ | if ((strncmp (argv [2], "scp ", 4) != 0) | ||
+ | |||
+ | wha? | ||
+ | |||
+ | --[[User:Dave|Dave]] 13:41, 22 October 2007 (EDT) | ||
+ | |||
+ | == somebody oopsed on a kill-the-spam edit == | ||
+ | |||
+ | The problem you were having was that a good samaritan who manually edited the article to remove spam accidentally damaged the code a while back. I looked through history on the article and reverted to prior to the damage. --[[User:Jimbo|Jimbo]] 15:20, 22 October 2007 (EDT) | ||
+ | |||
+ | == Security aspect == | ||
+ | You should probably not rely on scpftprsynconly to PREVENT users from executing programs on your machine, | ||
+ | ./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd' | ||
+ | Will execute the givemeshell command with some obscure arguments. To get a shell with this inplace, upload a script/program that reverse connect or what you want then just: | ||
+ | ssh foo@barhost "scp -S echo asd asd:asd" | ||
+ | |||
+ | Probably should mention this in the article.. | ||
+ | |||
+ | --[[User:Ice|Ice]] 04:51, 4 November 2007 (EST) |
Latest revision as of 09:38, 16 January 2010
Contents |
[edit] just btw
# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly scpsftprsynconly.c: In function ‘main’: scpsftprsynconly.c:48: error: expected ‘)’ at end of input scpsftprsynconly.c:48: error: expected declaration or statement at end of input #
tried running this on a centos box and this is what I'm getting. dubl-U Tee Eff Mmm8.
--Dave 12:25, 22 October 2007 (EDT)
[edit] just guessing, really
since I don't know shit, but I added a } before the #ifdef DEBUG section and now I'm getting:
[root@web ~]# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly scpsftprsynconly.c:45: error: expected identifier or ‘(’ before ‘if’ scpsftprsynconly.c:49: error: expected identifier or ‘(’ before ‘if’ [root@web ~]#
which is in the first lines of
if (argc < 3) { printf (restrictmsg); return 1; } if ((strncmp (argv [2], "scp ", 4) != 0)
wha?
--Dave 13:41, 22 October 2007 (EDT)
[edit] somebody oopsed on a kill-the-spam edit
The problem you were having was that a good samaritan who manually edited the article to remove spam accidentally damaged the code a while back. I looked through history on the article and reverted to prior to the damage. --Jimbo 15:20, 22 October 2007 (EDT)
[edit] Security aspect
You should probably not rely on scpftprsynconly to PREVENT users from executing programs on your machine,
./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd'
Will execute the givemeshell command with some obscure arguments. To get a shell with this inplace, upload a script/program that reverse connect or what you want then just:
ssh foo@barhost "scp -S echo asd asd:asd"
Probably should mention this in the article..
--Ice 04:51, 4 November 2007 (EST)