[scponly] scponly for root user

Kaleb Pederson kaleb.pederson at gmail.com
Fri Sep 16 12:57:35 EDT 2011


I agree with Joe as well. It's possible it will work but it generally
goes against standard security practices.

Also, regardless of whether it works or not, scponly currently does
not allow root logins. See line 303:

http://scponly.cvs.sourceforge.net/viewvc/scponly/scponly/scponly.c?revision=1.50&view=markup

I'm curious what using scponly as a shell for root is supposed to gain?

BTW, it is possible to have a second "root" user with a different name
and uid=0, but the uid check performed above will work regardless of
the username.

--Kaleb

On Fri, Sep 16, 2011 at 9:47 AM, wbr oblyr <joe at sublimation.org> wrote:
> I want to stress that the problem here isn't that "allowing root login
> is insecure" - the problem is that changing the root shell to a
> non-interactive shell may have adverse effects on the health of your
> system.  There are a few areas where the system may use the root shell
> in unexpected ways, such as booting single user mode in the event of
> disaster recovery, or maybe processing crontab entries for example.
> Testing these various concerns will vary from system to system as
> scponly runs across many types of UNIX, I'd be wary of accepting
> someone else's testimony of whether any given subsystem was ok with
> this change or not.
>
> Of course, it's up to you, I'm just volunteering an opinion.
>
> joe
>
> On Fri, Sep 16, 2011 at 9:29 AM, Johan Heikkilä
> <johan.heikkila at gmail.com> wrote:
>> 2011/9/15 Sam Chin <smch1 at hotmail.com>:
>>> Can I use scponly for root user? I do NOT permit root remotely login but
>>> would like root to be able to scp/sftp. I have installed scponly and changed
>>> the root shell to scponly shell. A super user with root privileges login
>>> into the system was not able to sudo to root.
>>
>> Hi Sam,
>>
>> configure your ssh server to allow remote root login with an ssh
>> pre-shared key. This is quite secure.
>>
>> Regards,
>> Johan
>>
>> _______________________________________________
>> scponly mailing list
>> scponly at lists.ccs.neu.edu
>> https://lists.ccs.neu.edu/bin/listinfo/scponly
>>
>
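
The point above about a second account with uid=0, as an added example that is not part of the thread or of scponly's source: a Python audit of passwd-format data that finds every UID 0 entry by number rather than by name and marks those whose login shell is scponly. The sample entries, the account names and the /usr/bin/scponly path are constructed assumptions.

```python
import os

# Constructed sample in passwd(5) format; names and paths are assumptions.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/usr/bin/scponly
# comment line
upload:x:1001:1001:sftp drop:/home/upload:/usr/bin/scponly
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
broken-line-without-fields
"""

# Shell basenames treated as scponly (scponlyc is the chroot variant).
RESTRICTED_SHELLS = {"scponly", "scponlyc"}


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # passwd(5) has exactly seven colon-separated fields.
        if len(fields) != 7 or not fields[2].isdecimal():
            continue
        yield fields[0], int(fields[2]), fields[6]


def audit_uid0(text):
    """Return one finding per UID 0 account, whatever its username."""
    findings = []
    for name, uid, shell in parse_passwd(text):
        if uid != 0:
            continue
        findings.append({
            "name": name,
            "shell": shell,
            "alias": name != "root",  # root-equivalent under another name
            "restricted_shell": os.path.basename(shell) in RESTRICTED_SHELLS,
        })
    return findings


if __name__ == "__main__":
    for f in audit_uid0(SAMPLE_PASSWD):
        print(f"{f['name']}: shell={f['shell']} alias={f['alias']} "
              f"scponly_shell={f['restricted_shell']}")
```

On a live system the same function can be given the contents of /etc/passwd; accounts served only from LDAP or NIS will not appear there.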


