I have sort-of got this by setting the shell to sftp-server.
Bizarre, I know, but it works, and a copy of /bin/true does not.
In both the real and chroot'ed /etc/passwd's I set the shell to the full
path to sftp-server, and sftp works, ssh does not.
ssh actually connects and will sit there until you type something, but
as soon as you type anything sftp-server says "what is this rubbish?"
and promptly hangs up on you.
I don't have any real shell, or any other binary besides sftp-server in
my chroot tree, and even though users can upload their own, they cannot
execute it because their shell is only sftp-server, which is not a shell
and cannot execute anything. I hope it doesn't have any cases where it
could execute any external program like ls (I know it doesn't need ls
specifically, just as an example the way ftpd often uses a ls binary in
the chroot path). Otherwise a person might be able to upload a shell
named <whatever sftp-server might exec>
This is OpenSSH 3.5p1 with chroot patch, on SCO Open Server 5.0.6
------------
Actually it does. I tried /bin/false and it fails to set up the ssh
connection properly. I guess the shell will let sftp only run specific
sftp commands, anything else causes it to exit.
-----Original Message-----
From: Scott Venier [mailto:scottven@umich.edu]
Sent: Wednesday, January 30, 2002 10:58 AM
To: wlug(a)mail.wlug.org
Subject: Re: [Wlug] ssh-dummy-shell for OpenSSH???
does the ssh-dummy-shell have to actually do anything for sFTP to work,
or does it just have to be in /etc/shells? If it just has to be in
/etc/shells, /bin/false works. Been using that for years for
(non-s)FTP-only accounts.
Scott
On Wed, 30 Jan 2002, Keller, Tim wrote:
> I'm setting up a test environment using OpenSSH built in sFTP server. What
> I want to do is build a chroot environment where people can connect to the
> machine via sFTP but not via SSH.
>
> I know with the commercial version of SSH they have ssh-dummy-shell which
> when you try to connect via SSH just bails on you, but lets sFTP work
> properly.
>
> I've done some digging on the web and I haven't found anything that'll
> replace this functionality on the OpenSSH side of things.
>
> Anybody got any ideas/links of an open source version of ssh-dummy-shell.
>
> Thanks,
> Tim.
> _______________________________________________
> Wlug mailing list
> Wlug(a)mail.wlug.org
> http://mail.wlug.org/mailman/listinfo/wlug
--
Brian K. White -- brian(a)aljex.com -- http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO Prosper/FACTS AutoCAD #callahans Satriani
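An audit for the setup discussed in the thread above, added here as an example and not part of any poster's message: it checks that each sftp-only account has sftp-server as its shell in both the real and the chroot'ed passwd, and lists any executable file in the jail other than sftp-server. The sftp-server path, the `audit` and `shells` helpers, and the sample accounts are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

SFTP_SERVER = "/usr/libexec/sftp-server"  # assumed path; the post does not give one


def shells(passwd_text):
    """Map user name -> login shell from passwd-format text."""
    table = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and not line.startswith("#"):
            table[fields[0]] = fields[6]
    return table


def audit(real_passwd, jail, users, sftp_server=SFTP_SERVER):
    """Return findings for an sftp-only jail rooted at `jail`."""
    findings = []
    with open(os.path.join(jail, "etc", "passwd")) as fh:
        tables = {"real": shells(real_passwd), "chroot": shells(fh.read())}
    for user in users:
        for label, table in tables.items():
            if table.get(user) != sftp_server:
                findings.append(f"{user}: {label} shell is {table.get(user)}")
    allowed = os.path.join(jail, sftp_server.lstrip("/"))
    for dirpath, _dirs, files in os.walk(jail):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & 0o111 and path != allowed:
                findings.append("executable: " + os.path.relpath(path, jail))
    return findings


def demo():
    """Build a constructed jail in a temp dir and audit it."""
    real = ("alice:x:1001:100::/home/alice:" + SFTP_SERVER + "\n"
            "bob:x:1002:100::/home/bob:/bin/sh\n")
    with tempfile.TemporaryDirectory() as jail:
        for rel, body, mode in [
            ("etc/passwd", real.replace("/bin/sh", SFTP_SERVER), 0o644),
            ("usr/libexec/sftp-server", "", 0o755),
            ("home/bob/upload.bin", "", 0o755),
        ]:
            path = os.path.join(jail, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(real, jail, ["alice", "bob"])
```

In the constructed sample, bob's real passwd entry still names /bin/sh while the chroot'ed copy names sftp-server, which is the mismatch the first check reports.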
I have a SPARCstation 10 with RH 6.2 loaded.
I am trying to get it configured as an Internet gateway, but the big hurdle I am trying to jump over right now is the modem communication.
I have checked the PROM settings and they match what I am using minicom with: 57600-8N1. (I am trying to use minicom to debug serial connection with the modem.)
When I send commands to the modem, I see the modem is getting information, but it doesn't look like the modem is responding. I don't see an OK reply, much less any other sign of life...
The modem in question is a Zoom 56k (it is the one I usually use to connect to the 'Net with, and it has worked with Linux and my ISP flawlessly in the recent past).
Once I get past this, then I can look at making sure PPP works (which I anticipate to be a relatively minor ordeal, since I have a pretty good idea what to do), and then firewall stuff.
While I think of it, would anyone know of any distributions with more-recent SPARC support? I'd like to see 2.4.x kernels with iptable support, as well as more up-to-date tools, but seeing as this beastie is on the "slow" side, recompiling everything myself would be tantamount to torture.... 8(
Any assistance would be greatly appreciated.
Best regards,
William Smith wsmith(a)chezsmith.com
Fall River, MA www.chezsmith.com
Oops...I didn't mean to reply to the list for this. Please accept my
apologies.
-mike
>
> Hi Andy,
>
> I would be interested in taking a look at them.
>
> Thanks,
> Mike
>
> >
> > Hi everybody,
> >
> > I have a couple of job descriptions available for Linux software
> > engineering positions. If you are interested, please send me e-mail
> > and I'll send you the details.
> >
> > Later,
> >
> > Andy
> >
> > --
> > Andy Stewart, Founder
> > Worcester Linux Users' Group
> > Worcester, MA USA
> > http://www.wlug.org
Hi Andy,
I would be interested in taking a look at them.
Thanks,
Mike
>
> Hi everybody,
>
> I have a couple of job descriptions available for Linux software
> engineering positions. If you are interested, please send me e-mail
> and I'll send you the details.
>
> Later,
>
> Andy
>
> --
> Andy Stewart, Founder
> Worcester Linux Users' Group
> Worcester, MA USA
> http://www.wlug.org
Hi everybody,
I have a couple of job descriptions available for Linux software engineering
positions. If you are interested, please send me e-mail and I'll send you
the details.
Later,
Andy
--
Andy Stewart, Founder
Worcester Linux Users' Group
Worcester, MA USA
http://www.wlug.org
Here at MW we are blessed with Solaris workstations in addition to
Linux. On Solaris 8 we have been unable to get the binary version from
mozilla.org to run. It dies silently trying to load gtk. I compiled and
installed gtk from gtk.org to no avail. Anyone run into this? Have any
hints?
Thanks very much,
-Adam
"lingua machinationis creo, ergo sum"
_____________________________________________
Adam Keck The Mathworks
508-647-7298 Natick, Ma
www.mathworks.com
FreeNIX/Backup/Unix Administrator
_____________________________________________
Hi,
I need to run a few windows applications on Linux. I was wondering
if anyone has any suggestions. The programs are:
Palm Desktop 4.1
Eudora 5.2
And a couple of programs to program 2 different ham radios.
As for the linux setup. We'll have to wait and see the answer - I'm doing a
fresh install on a new computer (will there be an install feast anytime
soon?). I'm thinking Mandrake.
Geoffrey Phillips
gphillips(a)clarkie.net (Professional)
As a few of you may already know, WPI has just recently installed an Access
Grid Node. For those of you who have never heard of the Access Grid project,
it's a completely immersive video conferencing system - like traditional
videoconferencing, but arranged such that the technology portion becomes
invisible, and you can converse with others as if they were in the same room.
More details at http://www.accessgrid.org/
My idea was that if we could find a couple of remote sites with people who
might be interested in joining us, we could have a meeting over the Access
Grid.
A list of other Access Grid sites is up at
http://www-fp.mcs.anl.gov/fl/accessgrid/nodes.htm and includes BU at least.
If anyone knows anyone else at any of these sites who would be interested, we
can start seeing about scheduling the time needed in all of the spaces.
--
Frank Sweetser fs at wpi.edu
WPI Network Engineer
Hi Everybody,
The next WLUG meeting will be held this coming Wednesday, February 19th, 2003
in a different location. The meeting room will be AK233 (Atwater Kent room
233). Please refer to the Wlug Meetings...Directions link for directions to
this room. The building is right next to Salisbury Labs on the WPI campus.
Please note the earlier start time of 6:00 PM!
At this meeting, we'll be having a LAN party! This is WLUG's first LAN party
so I'm curious to see what people bring. You'll need to bring your network
gear (hubs, switches, cables) and a laptop or desktop machine with networking
enabled. We'll interconnect all of the machines to create one big WLUG LAN.
I'll bring my PLIP cable for the masochists in the crowd. This network most
likely will *not* have access to the Internet (but we'll see what we can do).
On this LAN, all sorts of activities could take place, such as multiplayer
games, network security scans, attempts to (non-destructively!) crack another
person's system to teach them about their security weaknesses, and more. It's
really up to all of you and your imaginations as to what we can do with this
type of setup. I'll even entertain doing a couple of network based Linux
installations if folks want that. If people need help configuring their
systems for networking, that help will be available. I'll also be available
to do a demonstration of VNC for those interested. The possibilities are
really endless.
Due to the amount of time to set up such a LAN and still have time to have fun
with it, I've extended the time of the WLUG meeting from 6:00 PM - 9:00 PM
(note earlier start time!).
Have a lot of fun, and I'll see you all on Wednesday.
Andy
--
Andy Stewart, Founder
Worcester Linux Users' Group
Worcester, MA USA
http://www.wlug.org