[scponly] scponly interactive question

Roste Pal Asmund pal.asmund.roste at edb.com
Tue Apr 1 11:40:07 EST 2003


You are saying that "anything pretending to be winscp" is able to issue
commands like chown, rm, scp, .... I find this most interesting. Can anyone
tell me how I can issue an rm in the scponly "shell"? I am having a project
here where the customer shall log in to my site, and get some files, and so I
have used scponly for good security (since he is not supposed to get full
access to my server), but it would be nice if he could remove the files he
had just picked up.
I have also found a way where I can delete the files he has picked up by
looking in the syslog.log where the filenames of the files he has gotten
are.

Can anyone tell me how to issue a rm to the scponly shell?

Pal Asmund Roste

-----Original Message-----
From: wbr oblyr [mailto:joe at sublimation.org]
Sent: 25. mars 2003 05:35
To: Scott Johnson
Cc: scponly at lists.ccs.neu.edu
Subject: Re: [scponly] scponly interactive question



hey scott, good question.  i've been wondering why no one ever asked this
question.

what you're seeing is the winscp compatibility feature talking back to
you.  winscp compatibility *IS* an interactive shell.  if you turn on the
logging in winscp, you can see what winscp does when it logs in.

basically, winscp (or anything pretending to be winscp) is able to issue
commands like chown, rm, scp, etc - one after the other without logging
out.  while this may seem like this completely contradicts the point of
scponly, the only command that is allowed in winscp compatibility that is
not allowed in the noninteractive nonwinscp mode is "cd".  furthermore,
the argument checking is not more lenient in winscp-mode than it is in
nonwinscp mode.  in fact, it's the same code.

but, if you're not comfortable with the distinction between an interactive
and noninteractive shell session, you can easily disable winscp
compatibility at compile time, like so:

./configure --disable-winscp-compat

then reinstall and you will find scponly is much less polite to people who
try to ssh in.

joe

----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2


On Mon, 24 Mar 2003, Scott Johnson wrote:

> Hello,
>
> I'm wondering exactly what happens when I make an interactive connection to
> my server that is running scponly.  When I connect, I get this:
>
>  > ssh localhost
> scottj at localhost's password:
> Last login: Mon Mar 24 16:57:01 2003 from xxx.xxx.org
>
> And then, any text input in that session returns the following line:
>
> WinSCP: this is end-of-file:0
>
> Why does this happen?  It would seem to me that scponly should not allow
> this type of interactive session.  What can I do to prevent this?
>
> Thanks,
> Scott
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
>
