Date:      Sat, 9 Dec 2000 23:25:59 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        "Nicolai L. Brown" <nbrown@iowaone.net>
Cc:        Nicolas <list@rachinsky.de>, freebsd-questions@FreeBSD.ORG
Subject:   Re: scp only
Message-ID:  <20001209232558.J96105@149.211.6.64.reflexcom.com>
In-Reply-To: <Pine.BSF.4.30.0012100044030.1230-100000@everest.iowaone.net>; from nbrown@iowaone.net on Sun, Dec 10, 2000 at 12:50:26AM -0600
References:  <005201c0622c$93aff800$0364000a@rachinsky.de> <Pine.BSF.4.30.0012100044030.1230-100000@everest.iowaone.net>

On Sun, Dec 10, 2000 at 12:50:26AM -0600, Nicolai L. Brown wrote:
> 
> On Sat, 9 Dec 2000, Nicolas wrote:
> 
> > I'm sorry but none of your solutions works. /bin/false as shell
> > denies any access via ssh (including scp). ~/.login containing logout
> > could be circumvented by starting another command (e.g. /bin/sh) via
> > ssh. Nicolas
> 
> How?  If their ~/.login contains 'logout', and they don't have access to
> overwrite it, they can't execute anything else.  Maybe I'm missing
> something, show me how you are doing this.

On bubbles,

  $ cat .login
  logout
  $ grep cjc /etc/passwd
  cjc:*:1001:1001:Crist J. Clark:/usr/home/cjc:/bin/tcsh

If I try to do an interactive ssh,

  $ ssh bubbles
  cjc@bubbles.cjclark.org's password: 
  Last login: Sat Dec  9 22:41:54 2000 from main
  Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
          The Regents of the University of California.  All rights reserved.
  FreeBSD 5.0-CURRENT (BUBBLES) #0: Sat Nov 25 03:20:41 PST 2000

  Welcome to FreeBSD!

  Connection to bubbles.cjclark.org closed.
  $

It does work like you expect. However,

  $ ssh bubbles "ls -l /"
  cjc@bubbles.cjclark.org's password: 
  total 2906
  -r--r--r--   1 root  wheel     4735 Mar 20  2000 COPYRIGHT
  drwxr-xr-x   2 root  wheel     1024 Nov 25 13:41 bin
  drwxr-xr-x   7 root  wheel      512 Nov 25 13:41 boot
  drwxr-xr-x   2 root  wheel      512 Nov 11 10:47 cdrom
  lrwxr-xr-x   1 root  wheel       11 Nov 11 10:57 compat -> /usr/compat
  drwxr-xr-x   3 root  wheel    16896 Nov 26 01:55 dev
  drwxr-xr-x  15 root  wheel     2048 Nov 26 01:51 etc
  lrwxrwxrwx   1 root  wheel        9 Nov 11 11:08 home -> /usr/home
  -rwxr-xr-x   1 root  wheel  2777025 Mar 20  2000 kernel.GENERIC
  -rw-------   1 root  wheel   147456 Nov 26 01:55 ldconfig.core
  drwxr-xr-x   2 root  wheel      512 Mar 20  2000 mnt
  dr-xr-xr-x   1 root  wheel      512 Dec  9 23:21 proc
  drwxr-xr-x   4 root  wheel     1024 Nov 21 23:07 root
  drwxr-xr-x   2 root  wheel     2048 Nov 25 13:39 sbin
  drwxr-xr-x   4 root  wheel      512 Nov 11 10:47 stand
  lrwxr-xr-x   1 root  wheel       11 Nov 25 13:24 sys -> usr/src/sys
  lrwxr-xr-x   1 root  wheel        7 Nov 12 15:13 tmp -> var/tmp
  drwxr-xr-x  21 root  wheel      512 Dec  6 01:03 usr
  lrwxr-xr-x   1 root  wheel        7 Nov 11 11:22 var -> usr/var
  $ 

Or to be a little more slick,

  $ ssh bubbles "tcsh -f"

Would give me an interactive shell.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
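
Added example, not part of the original message: `ssh host "cmd"` runs the command through a non-login shell, so `~/.login` is never read, and an scp-only restriction has to be applied to the requested command itself. This sketch assumes OpenSSH's forced-command mechanism (`command="..."` in `authorized_keys`, or `ForceCommand`), which passes the client's request in `SSH_ORIGINAL_COMMAND`, the legacy scp protocol where the client starts `scp -t` or `scp -f` remotely, and `/usr/bin/scp` as the scp location; `scp_only` is a hypothetical name.

```python
import os
import sys

# Refused outright as defence in depth, even though nothing below uses a shell.
SHELL_META = set(";&|<>`$(){}\\\"'*?[]~!#\n")
# Legacy scp server-side flags; anything else (e.g. -S, -o) is refused.
ALLOWED_FLAGS = set("tfrpdvq")
# First two are the commands from the message; the rest are constructed.
SAMPLES = ["ls -l /", "tcsh -f", "", "scp -t upload", "scp -t x; tcsh -f"]


def scp_only(original_command):
    """Return the argv of a permitted server-side scp, or None to refuse."""
    if any(ch in SHELL_META for ch in original_command):
        return None                      # "scp -t x; tcsh -f"
    argv = original_command.split()
    if not argv or argv[0] != "scp":     # interactive login, "ls -l /", "tcsh -f"
        return None
    flags, rest = set(), argv[1:]
    while rest and rest[0].startswith("-") and rest[0] != "--":
        opt = rest.pop(0)[1:]
        if not opt or not set(opt) <= ALLOWED_FLAGS:
            return None
        flags |= set(opt)
    if rest and rest[0] == "--":
        rest.pop(0)
    # Exactly one of -t (receive) or -f (send), and exactly one path.
    if len(flags & {"t", "f"}) != 1 or len(rest) != 1:
        return None
    return ["scp"] + sorted("-" + f for f in flags) + ["--", rest[0]]


if __name__ == "__main__":
    if sys.argv[1:] == ["--demo"]:
        for cmd in SAMPLES:
            print(repr(cmd), "->", scp_only(cmd))
        sys.exit(0)
    argv = scp_only(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    if argv is None:
        sys.exit("this account is restricted to scp")
    os.execv("/usr/bin/scp", argv)       # assumed scp location; no shell involved
```

Run with `--demo` to print the decision for each sample; installed as the forced command, it refuses both the interactive login and the `ls -l /` and `tcsh -f` requests shown in the message.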

