[Freebsd-security] Re: Multi-User Security
Crist J. Clark
cristjc at comcast.net
Mon Jun 7 20:42:00 GMT 2004
On Sun, Jun 06, 2004 at 11:38:55PM -0700, Doug Barton wrote:
> On Wed, 19 May 2004, Dan Rue wrote:
>
> >You obviously havn't tried to chroot scponly users.. _that's_ the tricky
> >part. Especially if you want it to scale up beyond a handful of users.
> >If i'm wrong - fill me in i'd love to hear how to do it.
>
> Have you considered using ~/.ssh/authorized_keys to restrict the account
> from tty access? This would allow you to do commands (like scp) without
> the risk of the user getting an actual shell.
$ ssh host /bin/sh
You don't need a tty to get an interactive shell.
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org
More information about the freebsd-security
mailing list