[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security options :-(

From: Geoff Beier
Subject: Re: Security options :-(
Date: Tue, 17 Dec 2002 09:16:24 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130

Zieg, Mark wrote:

I haven't done this myself in awhile, but you can configure a "genuine login
account" -- cvsphil, in this case -- who can connect via ssh, but through no
other method.  That is, cvsphil can't login from the console, from telnet,
rlogin, etc.  I think this is mainly done by setting his login shell to
"/sbin/nologin" or the equivalent.

Then, you can configure the user's ssh login so that the ONLY command they
can run via ssh is "cvs".  By default, ssh will open a login shell, but that
won't work for cvsphil, since he won't have a login shell configured.  Nor
will you allow phil to type "ssh address@hidden rm
/usr/local/cvsroot/CVSROOT/history", because ssh will be configured to
require the command to be "cvs" (rather than "rm" in this example), and will
strip out metacharacters like "&&" and ";".  And you'll also ftpchroot
cvsphil so he can't FTP into the repository server, either.  (cvsphil's a
tenacious and sneaky bastard, after all.)

You'll also need to configure cvsphil such that he can only log on with a particular keypair. Otherwise, what stops phil from using the su command to sidestep this elaborate configuration?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]