Sonja Meyer | 9 Feb 14:08

Restrict commands available in an SFTP session

Hello,

I am using SFTP with CHROOT. I want to allow my users to upload and download
with the sftp server, but they should never do an MKDIR!
Is it possible to restrict commands, and how can I do this?
I only found material on modifying the source... and that is not the best way for me.

Regards,

Sonja Meyer
sonne_meyer <at> yahoo.de
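The request-level restriction asked for above became available in a later release: starting with OpenSSH 6.5, sftp-server(8) and the in-process internal-sftp accept `-P` (deny the listed SFTP requests) and `-p` (allow only the listed requests), so no source modification is needed. The sshd_config excerpt below is an added example, not part of the original thread; the group name `sftponly` and the chroot path are placeholders.

```conf
# sshd_config excerpt (added example; group name and path are placeholders)

# Use the in-process SFTP server so no binaries are needed inside the chroot.
Subsystem sftp internal-sftp

Match Group sftponly
    # The chroot directory itself must be owned by root and not writable by
    # group or others; users upload into a writable subdirectory below it.
    ChrootDirectory /srv/sftp/%u

    # Deny directory creation and removal (and deletion/renaming of files);
    # every other SFTP request, including upload and download, still works.
    # Denied requests are answered with a failure status, not a disconnect.
    ForceCommand internal-sftp -P mkdir,rmdir,remove,rename

    # Close the usual side channels for an SFTP-only account.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
```

The deny list in `-P` is the direct answer to "never do an MKDIR"; the inverse, `-p <list>`, turns the same mechanism into an allow-list, and `-R` makes the whole session read-only. Request names are the SFTP protocol operation names (`mkdir`, `rmdir`, `remove`, `rename`, `symlink`, ...), so check sftp-server(8) on the installed version for the exact set it recognises.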
Merto Mertek | 9 Feb 00:11

Having issues with remote command execution - ssh -t host 'sudo command'

I've been trying to find an answer on other sites however I could not
resolve my problem.

spec:
os: ubuntu 10.0, OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o

problem:
When trying to restart daemons on remote PCs having the same specs,
sometimes the daemons are executed successfully and sometimes not. I am using
the following command:

ssh -t -vvv "$host" 'sudo /usr/local/sbin/program'

which asks me for a pass and then continues. From the debug log I can see
that the difference between a successful and an unsuccessful run depends on
the sequence of the following code blocks. If successful, code block 1 runs
first and then block 2; otherwise the opposite.

code1:
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed

code2:
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow <at> openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
(Continue reading)

Paulo | 7 Feb 13:04

Suggestion for openssh

Hi!

I do not know if it's the ideal place, but I'm sending some suggestions.
I always use openssh and its enormous set of features.

- I needed to create an environment with only sftp access and thus used:

   - Match User suporte
         ForceCommand /usr/lib/openssh/sftp-server

   OK! It worked perfectly! But only sftp.

- To create an environment that only blocks ssh, but allows scp and sftp
access, I used:
     - Rssh;
     - Mysecureshell;
     - Scponly.
   They work, but they change my SHELL, and also create another
   environment for authentication, and this is not good.

So I suggest to you developers the following idea:
- Create the following options in sshd_config:
    - DenyCmdssh
    - DenyCmdscp
    - DenyCmdsftp
  All three options above with default value "no".
  If I want scp access only, I could perform the following configuration:

     - Match User suporte
             DenyCmdssh yes
(Continue reading)

Zhenbo Xu | 4 Feb 02:55

Potential memory leak in sshd [detected by melton]

Hi all,

After the memory leaks (bug 1967
<https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in
bugzilla were fixed, I also applied melton (http://lcs.ios.ac.cn/~xuzb/melton.html)
to detect potential bugs in sshd (openssh-5.9p1).

The URL below is the index of bug reports that were manually checked as real
bugs.

http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/sshd/index.html

Shall we fix these bugs? Or just let them go since they are not so serious?

Hope for your replies!

-- 
Zhenbo Xu
Zev Weiss | 28 Jan 10:30

PATCH: Fix memory leak in sshd

Hello,

The below patch fixes a memory leak I noticed in monitor_read_load() when the child's log pipe is closed.

Thanks,
Zev Weiss
--

diff --git a/monitor.c b/monitor.c
index a166fed..6464eec 100644
--- a/monitor.c
+++ b/monitor.c
@@ -510,6 +510,7 @@ monitor_read_log(struct monitor *pmonitor)
 			debug("%s: child log fd closed", __func__);
 			close(pmonitor->m_log_recvfd);
 			pmonitor->m_log_recvfd = -1;
+			buffer_free(&logmsg);
 			return -1;
 		}
 		fatal("%s: log fd read: %s", __func__, strerror(errno));
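Review bot: the added buffer_free(&logmsg) sits correctly before the early `return -1` on the closed-pipe path, but the hunk does not show where logmsg is initialised; confirm that buffer_init(&logmsg) runs unconditionally before this read so the free never operates on an uninitialised Buffer. The fatal() call on the following line needs no matching free since it does not return, and any other early return from monitor_read_log() after the buffer is initialised would need the same treatment.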
Zev Weiss | 28 Jan 10:25

PATCH: Support for encrypted host keys

Hello all,

I recently found myself wanting to run sshd with passphrase-protected host keys rather than the usual
unencrypted format, and was somewhat surprised to discover that sshd did not support this.  I'm not sure if
there's any particular reason for that, but I've developed the below patch (relative to current CVS at
time of writing) that implements this.  It prompts for the passphrase when the daemon is started,
similarly to Apache's behavior with encrypted SSL certificates.

My initial implementation instead operated by passing the passphrase along to the rexec child, but I
decided I thought it was slightly nicer to decrypt the key once and pass it along rather than redoing it
every time.  I can send the previous version if that would be preferred though -- this key-passing version
does have some resulting ugliness in its handling of options.num_host_key_files, as described in a
comment in the patch.

Thanks,
Zev Weiss
--

 Makefile.in |    2 +-
 buffer.h    |    5 ++
 bufkey.c    |  132 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sshd.c      |  141 ++++++++++++++++++++++++++++++++++++++++++++++++-----------
 4 files changed, 253 insertions(+), 27 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 3be3aa6..3b47d18 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -61,7 +61,7 @@ MANFMT=@MANFMT@

(Continue reading)

Loganaden Velvindron | 26 Jan 14:29

PermitOpen None diff

Hi,

I was wondering if this diff would make it into the next release:
https://bugzilla.mindrot.org/show_bug.cgi?id=1949

Thanks,
//Logan
C-x-C-c

-- 
Brightest day,
Blackest night,
No bug shall escape my sight,
And those who worship evil's mind,
be wary of my powers,
puffy lantern's light !
Jeff Mitchell | 25 Jan 18:26

Server/Client Alive mechanism issues

Hello,

I have a bandwidth-constrained connection that I'd like to run rsync
over through an SSH tunnel. I also want to detect any network drops
pretty rapidly.

On the servers I'm setting (via sshd_config):

ClientAliveCountMax 5
ClientAliveInterval 1
TCPKeepAlive no

and on the clients I'm setting (via ssh_config):

ServerAliveCountMax 5
ServerAliveInterval 1
TCPKeepAlive no

After about 5 seconds, the connection is being dropped, but during that
time the rsync is successfully transferring data near the full bandwidth
of the connection.

My understanding is that since the alive mechanism is running inside the
encrypted connection, OpenSSH would be able to (and would) prioritize
the alive packets over other data. So if any data is able to get through
(and it does) the alive packets should be able to as well. But this
doesn't seem to be the case.

Is my understanding of how this is supposed to work wrong? If not, could
I have a misconfiguration somewhere, or is it possible that this is some
(Continue reading)
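To make the timing behind the settings quoted above concrete, here is an added model (not OpenSSH code, and not from the original post) of the ServerAlive/ClientAlive logic as ssh_config(5) and sshd_config(5) describe it: after `Interval` seconds without receiving anything, a probe is sent and counted; any packet received from the peer resets the count; once `CountMax` probes are outstanding the session is dropped. The probe and its reply are ordinary packets in the same ordered TCP stream as the bulk data, so nothing moves them ahead of data the peer has already queued. The arrival times fed to the model are constructed, and the exact timing of the real implementation may differ by a fraction of an interval.

```python
from dataclasses import dataclass


@dataclass
class AliveMonitor:
    """Model of the documented *AliveInterval / *AliveCountMax behaviour.

    interval  -- ServerAliveInterval / ClientAliveInterval (seconds)
    count_max -- ServerAliveCountMax / ClientAliveCountMax
    """
    interval: float
    count_max: int
    next_probe_at: float = None   # set on construction to one interval from t=0
    outstanding: int = 0          # probes sent since the last packet from the peer

    def __post_init__(self):
        self.next_probe_at = self.interval

    def on_receive(self, t):
        """Any packet from the peer (data, reply, anything) resets the counter."""
        self.outstanding = 0
        self.next_probe_at = t + self.interval

    def tick(self, t):
        """Advance the clock to t; return True if the session should be dropped."""
        if self.outstanding >= self.count_max:
            return True
        if t >= self.next_probe_at:
            # Silence for a full interval: send a keepalive probe and count it.
            self.outstanding += 1
            self.next_probe_at = t + self.interval
            if self.outstanding >= self.count_max:
                return True
        return False


def time_to_drop(interval, count_max, rx_times, horizon=60.0, step=0.5):
    """Run the model against constructed arrival times of packets from the peer.

    Returns the simulated time at which the session is dropped, or None if it
    survives until `horizon`.
    """
    mon = AliveMonitor(interval, count_max)
    pending = sorted(rx_times)
    t = 0.0
    while t <= horizon:
        while pending and pending[0] <= t:
            mon.on_receive(pending.pop(0))
        if mon.tick(t):
            return t
        t += step
    return None


if __name__ == "__main__":
    # Settings from the post: Interval 1, CountMax 5.
    # 1. Peer completely silent: dropped after 5 unanswered probes.
    print("silent peer:", time_to_drop(1, 5, []))
    # 2. Peer sends something every half second: never dropped.
    print("chatty peer:", time_to_drop(1, 5, [k * 0.5 for k in range(121)]))
    # 3. One packet at t=3 resets the count, so the drop moves out to t=8.
    print("one late packet:", time_to_drop(1, 5, [3.0]))
```

The third scenario is the one to keep in mind when reading the post: the counter only cares about packets *received*, so a transfer that saturates the link in one direction says nothing about whether anything is coming back within `Interval * CountMax` seconds, and a reply that is stuck behind queued data in the other direction counts as silence until it arrives.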

Leo Liou | 24 Jan 21:22

Solaris BSM audit support

Does anyone know if openssh has removed the experimental designation for BSM audit support for Solaris systems?
If so, which release, please.
Thanks.
Stephen Harris | 23 Jan 16:46

Patterns in HostName ?

I have a Unix host that's DHCPd, so resolv.conf is rewritten.  Because
of company policies, it's not allowed to change the client dhcp config
to override the search path.

I also need to login to a large number of machines in a specific
subdomain; eg in a lab environment.

Is it possible to do something like
  Host *.lab
    Hostname %h.sub.domain.example.com

so if I "ssh host1.lab" then it'll go to "host1.lab.sub.domain.example.com" ?

I could probably kludge it with proxycommand and "nc" but that really
feels nasty :-)

-- 

rgds
Stephen
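The `Host *.lab` / `Hostname %h...` idea above does work as written, because `%h` in HostName expands to the name given on the command line (the pattern is matched against that same name, before substitution), so a suffix can simply be appended. The Python below is an added model of that part of ssh_config processing, not OpenSSH's own code: it parses a constructed ssh_config, applies the first-obtained-value-wins rule across matching `Host` blocks, honours `*`, `?` and `!` in patterns, and expands `%h`. Only `Host` blocks and plain `Keyword value` lines are modelled.

```python
# Constructed ssh_config for the example (not from the original post).
SAMPLE_SSH_CONFIG = """\
Host *.lab
    Hostname %h.sub.domain.example.com
    User labuser

Host *
    User defaultuser
"""


def glob_match(s, pat):
    """ssh-style pattern match: '*' matches any run, '?' exactly one character."""
    if not pat:
        return not s
    if pat[0] == "*":
        return any(glob_match(s[i:], pat[1:]) for i in range(len(s) + 1))
    if s and (pat[0] == "?" or pat[0] == s[0]):
        return glob_match(s[1:], pat[1:])
    return False


def host_matches(host, patterns):
    """A Host line matches if some positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if glob_match(host, pat[1:].lower()):
                return False
        elif glob_match(host, pat.lower()):
            matched = True
    return matched


def parse_ssh_config(text):
    """Return [(patterns, {keyword: value}), ...] in file order.

    Options before the first Host line apply to every host, as in ssh_config.
    """
    blocks = []
    patterns, opts = ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            if opts:
                blocks.append((patterns, opts))
            patterns, opts = value.split(), {}
        else:
            opts.setdefault(key, value)
    if opts:
        blocks.append((patterns, opts))
    return blocks


def resolve(host, text=SAMPLE_SSH_CONFIG):
    """Effective options for `host`: earlier matching blocks win, %h expanded."""
    host = host.lower()            # ssh lowercases the command-line host name
    effective = {}
    for patterns, opts in parse_ssh_config(text):
        if host_matches(host, patterns):
            for key, value in opts.items():
                effective.setdefault(key, value)
    # %h is the name typed on the command line, so appending a suffix works.
    effective["hostname"] = effective.get("hostname", "%h").replace("%h", host)
    return effective


if __name__ == "__main__":
    print(resolve("host1.lab"))          # hostname host1.lab.sub.domain.example.com
    print(resolve("other.example.org"))  # falls through to the Host * defaults
```

Because a later `Host *` block cannot override a value an earlier block already set, keep the specific `*.lab` block above any catch-all block, exactly as in the sample.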
Dan Kaminsky | 20 Jan 10:18

Regarding Pubkey Enumeration

HD Moore from MetaSploit has noted that, given a pubkey (and not the
corresponding private key, as might be found in authorized_keys), he can
determine if he'd be able to log into an account.

It's a small thing, but he's using it for very interesting
recon/deanonymization.  He'll be releasing a paper shortly, not overplaying
the characteristic, but certainly showing it can be used to do cute things.

I expect this is easily fixable -- simply provide the challenge for a
pubkey whether or not it'd actually be able to log in successfully.  But
it's worth exploring this space -- perhaps some clients behave badly.

--Dan

Gmane