Re: SSH access restrictions

To: "I. Forbes" <iforbes@zsd.co.za>, Rudi Starcevic <rudi@oasis.net.au>, debian-isp@lists.debian.org
Subject: Re: SSH access restrictions
From: "Rudi Starcevic" <rudi@oasis.net.au>
Date: Tue, 21 Oct 2003 22:58:13 +1000
Message-id: <[🔎] 20031021125813.M46813@oasis.net.au>
In-reply-to: <[🔎] 3F95235A.17194.7C42EA@localhost>
References: <[🔎] 3F9095FF.4050202@oasis.net.au> <[🔎] 3F95235A.17194.7C42EA@localhost>

Hi,

Though I'd post something I found on the net about rbash.
I haven't tested it yet.

[quote]

But it's possible to get out from this chroot.

woockie_at_twoflower:~$ cd ..
rbash: cd: restricted
woockie_at_twoflower:~$ vi foo

in vi:
:set shell=/bin/sh
:shell
woockie_at_twoflower:~$ cd ..
woockie_at_twoflower:/home$ 

[end quote]

It's disappointing if it's that easy.
Still if they do get out and misbehave you could catch them 
with monitoring.

For stronger restrictions PAM chroot and http://www.grsecurity.org
is a class option.

Cheers
Rudi.

Reply to:

Follow-Ups:
- Re: SSH access restrictions
  - From: "I. Forbes" <iforbes@zsd.co.za>

References:
- SSH access restrictions
  - From: Rudi Starcevic <rudi@oasis.net.au>
- Re: SSH access restrictions
  - From: "I. Forbes" <iforbes@zsd.co.za>

Prev by Date: Re: SSH access restrictions
Next by Date: Re: Moving Sites
Previous by thread: Re: SSH access restrictions
Next by thread: Re: SSH access restrictions
Index(es):
- Date
- Thread