Re: scp and sftp
> I've been playing around with the scp and sftp components of putty
> and
> noticed what I consider a security hole. Winscp does the same thing.
> The user can change to directories above their home. Is there a way
> to
> chroot them like you can in an ftp config file?
scp is merely a way to use a ssh shell login to up and download a file,
it has the same restrictions a ssh session would have.
when you login using ssh you can do "cd .." too.......so I don't see
the security problem.
> I don't see anything
> in
> the sshd config files. If you can't, how can I disable the scp
> functionality? I'm not talking about scp from the linux box. The
> users
> don't have shell access so that's not a problem. I'm referring to
> remote people using a scp client to access my linux machine. You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.
your users can't connect with the same l/p using ssh? that would be
really weird.
>
> I did not see anything about this issue on the openssh web site.
> Anybody got any suggestions?
That doesn't surprise me since this is not a bug or strange feature.
Greetz,
Ivo van Dongen
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: