Date:      Tue, 27 Feb 2001 15:10:44 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        "Travis [Admin Team]" <traviso@RapidNet.com>
Cc:        Rob Simmons <rsimmons@wlcg.com>, George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG
Subject:   Re: ftp access
Message-ID:  <20010227151044.A21523@Odin.AC.HMC.Edu>
In-Reply-To: <Pine.BSF.4.21.0102271600160.94022-100000@rapidnet.com>; from traviso@RapidNet.com on Tue, Feb 27, 2001 at 04:01:31PM -0700
References:  <20010227145512.A13920@Odin.AC.HMC.Edu> <Pine.BSF.4.21.0102271600160.94022-100000@rapidnet.com>


On Tue, Feb 27, 2001 at 04:01:31PM -0700, Travis [Admin Team] wrote:
> On Tue, 27 Feb 2001, Brooks Davis wrote:
>
> > If you do this be sure to keep users from being able to access the system
> > via ssh.  Otherwise they can just use ssh to spawn a shell for themselves:
> >
> > ssh -t <host> /bin/sh
>
> 	Course I believe you disable it with a -T doncha? >;)

I'm afraid I don't see your point.  It's true that -T is the opposite of
-t for the ssh client, but that doesn't have anything to do with the
fact that any user with a valid username and password can get a shell
via ssh unless you don't allow them to run ANYTHING via sshd.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

