RE: OpenSSH

To: debian-security@lists.debian.org
Subject: RE: OpenSSH
From: Stephen Andrew <Andrew.Stephen@nzpost.co.nz>
Date: Wed, 17 Sep 2003 11:06:44 +1200
Message-id: <[🔎] D10B3BC6A35AD3119F3E00508B4411A20B27EA02@wncorpex2.nzpost.co.nz>

Sven Hoexter wrote:
> On Wed, Sep 03, 2003 at 11:20:45AM +0200, Matthias Faulstich wrote:
> 
> Hi,
> 
>> does anybody know, whether the chroot-patch will be included in
>> future versions of the official ssh package?
> To me it looks like you can do the same thing without patching the
> sshd if you use scponlyc (scponly[1] shell with chroot() support).

In testing and unstable there are scponly packages:
http://tinyurl.com/nm0f [packages.debian.org]

Another option if you are using testing or unstable is rssh:
http://rssh.sourceforge.net/
http://tinyurl.com/nm0o [packages.debian.org]

These both restrict the commands available to the user to allow only scp
(and sftp e.tc. possibly).  I know scponly can be recompiled with customised
commands if required.

--
Andrew Stephen                                DDI:    +64 4 460 6849
IT Security Architect                         Mobile: +64 25 582 304
New Zealand Post                              Fax:    +64 4 494 4299

   "...shouldn't a DMZ actually be called a Free Fire Zone?"
      -- Chris Mahn, Three Tiered DMZ's, May 2001



This email with any attachments is confidential and may be subject to legal
privilege.  If it is not intended for you please reply immediately, destroy
it and do not copy, disclose or use it in any way.

Reply to:

Prev by Date: Re: ssh vulnerability in the wild
Next by Date: Re: [d-security] Re: ssh vulnerability in the wild
Previous by thread: Re: OpenSSH
Next by thread: Re: Simple e-mail virus scanner
Index(es):
- Date
- Thread