pavement

Talk:SSH, limiting to SCP or Rsync only

From FreeBSDwiki
Revision as of 04:51, 4 November 2007 by Ice (Talk | contribs)
Jump to: navigation, search

Contents

just btw

# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly
scpsftprsynconly.c: In function ‘main’:
scpsftprsynconly.c:48: error: expected ‘)’ at end of input
scpsftprsynconly.c:48: error: expected declaration or statement at end of input
# 


tried running this on a centos box and this is what I'm getting. dubl-U Tee Eff Mmm8.

--Dave 12:25, 22 October 2007 (EDT)

just guessing, really

since I don't know shit, but I added a } before the #ifdef DEBUG section and now I'm getting:

[root@web ~]# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly
scpsftprsynconly.c:45: error: expected identifier or ‘(’ before ‘if’
scpsftprsynconly.c:49: error: expected identifier or ‘(’ before ‘if’
[root@web ~]# 

which is in the first lines of

        if (argc < 3) {
               printf (restrictmsg);
               return 1;
        }
       if ((strncmp (argv [2], "scp ", 4) != 0)

wha?

--Dave 13:41, 22 October 2007 (EDT)

somebody oopsed on a kill-the-spam edit

The problem you were having was that a good samaritan who manually edited the article to remove spam accidentally damaged the code a while back. I looked through history on the article and reverted to prior to the damage. --Jimbo 15:20, 22 October 2007 (EDT)

Security aspect

You should probably not rely on scpftprsynconly to PREVENT users from executing programs on your machine,

./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd' 

Will execute the givemeshell command with some obscure arguments. I haven't tried it with scpftprsynconly installed as a shell but it should be as easy as

ssh foohost 'scp -S givemeshell'.

Probably should mention this in the article..

--Ice 04:51, 4 November 2007 (EST)

Personal tools