AW: Answers of using SCP

To: "Vineet Kumar" <debian-user@virtual.doorstop.net>, <debian-user@lists.debian.org>
Cc: <Boris@spletzone.com>
Subject: AW: Answers of using SCP
From: "Andre Fassbender" <afassbender@eSeSIX.COM>
Date: Wed, 31 Jul 2002 10:35:35 +0200
Message-id: <[🔎] DDA3679AFA19CD42A33A0F221A0B307A2C0F69@es-adc.intern.ad.esesix.net>

I talked about a sick and fast way....nevermind.  Of course you also
start sshd change rooted, so if the user logins he can't do anything
interesting. (Yes, except he knows an local root exploit...)

> From: Boris [mailto:Boris@spletzone.com]
> 
> User can easily escape to shell with a few quick CTRL+C 
> keystrokes. So this
> won't stop any clueful user.

first, you could deactivate ctrl-c and second you have to got an
accoustic coupler and and 486 at the other side to get strg-c sended at
the right time, but then you also can whistle to exploit that....  ;-)

<snip>

> You're better off disallowing connects except using publickey
> authentication, and specifying the command /usr/lib/sftp-server as the
> only command that key is authorized to run. I think that should work,
> though I haven't tried it.

IMHO this combined with a change rooted file system would be a nice
solution for that...

Reply to:

Follow-Ups:
- Re: Answers of using SCP
  - From: "Boris Sagadin" <Boris@spletzone.com>

Prev by Date: Re: OpenOffice mirror-page issues (was: Re: StarOffice OpenOffice in a .deb ?)
Next by Date: apt-cdrom and loopback .iso files
Previous by thread: Re: Perl scripts using Cron
Next by thread: Re: Answers of using SCP
Index(es):
- Date
- Thread