Talk:SSH, limiting to SCP or Rsync only
(→Security aspect) |
Latest revision as of 09:38, 16 January 2010
Contents |
[edit] just btw
# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly scpsftprsynconly.c: In function ‘main’: scpsftprsynconly.c:48: error: expected ‘)’ at end of input scpsftprsynconly.c:48: error: expected declaration or statement at end of input #
tried running this on a centos box and this is what I'm getting. dubl-U Tee Eff Mmm8.
--Dave 12:25, 22 October 2007 (EDT)
[edit] just guessing, really
since I don't know shit, but I added a } before the #ifdef DEBUG section and now I'm getting:
[root@web ~]# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly scpsftprsynconly.c:45: error: expected identifier or ‘(’ before ‘if’ scpsftprsynconly.c:49: error: expected identifier or ‘(’ before ‘if’ [root@web ~]#
which is in the first lines of
if (argc < 3) { printf (restrictmsg); return 1; } if ((strncmp (argv [2], "scp ", 4) != 0)
wha?
--Dave 13:41, 22 October 2007 (EDT)
[edit] somebody oopsed on a kill-the-spam edit
The problem you were having was that a good samaritan who manually edited the article to remove spam accidentally damaged the code a while back. I looked through history on the article and reverted to prior to the damage. --Jimbo 15:20, 22 October 2007 (EDT)
[edit] Security aspect
You should probably not rely on scpftprsynconly to PREVENT users from executing programs on your machine,
./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd'
Will execute the givemeshell command with some obscure arguments. To get a shell with this inplace, upload a script/program that reverse connect or what you want then just:
ssh foo@barhost "scp -S echo asd asd:asd"
Probably should mention this in the article..
--Ice 04:51, 4 November 2007 (EST)