[scponly] V 4.0 allows ssh ??
Terry Gliedt
tpg at umich.edu
Fri Dec 17 13:33:23 EST 2004
wby oblyr wrote:
> It is worth mentioning that scp does not operate without ssh. If one were to disable ssh completely,
> scponly would not function. ssh is just the transport for commands like "scp".
>
> for some of these commands, i believe it is misleading to restrict things like directory creation,
> renaming files, copying files, overwriting files, et cetera - all these things can be accomplished with
> just the "scp" binary anyway.
>
> there are still other commands, however. "chmod", "chgrp", "ls" and "rm" are the things i would consider
> for compile time configuration.
Yes, I understand. What I was expecting (and now have cause I removed
the code you reference below) is a 'shell' which only allows scp
commands to work. One cannot get ssh to a destination host to work. I'll
combine this with a special sshd using a particular port and iptables to
control access and I'll have a reasonably safe mechanism to SCP data
from one machine to another.
Thanks again for your time.
> Terry Gliedt wrote this message on Fri, Dec 17, 2004 at 08:12 -0500:
>
>>wby oblyr wrote:
>>
>>>this is a documentation problem.
>>>
>>>in scp compatibility mode, scponly WILL allow certain file navigation
>>>functionality relating to file transfers.
>>>
>>
>>>from the source:
>>
>>>#ifdef ENABLE_SCP2
>>> { PROG_LS, 1 },
>>> { PROG_CHMOD, 1 },
>>> { PROG_CHOWN, 1 },
>>> { PROG_CHGRP, 1 },
>>> { PROG_MKDIR, 1 },
>>> { PROG_RMDIR, 1 },
>>> { PROG_SCP, 1 },
>>> { PROG_LN, 1 },
>>> { PROG_MV, 1 },
>>> { PROG_RM, 1 },
>>> { PROG_CD, 1 },
>>>#endif /*ENABLE_SCP2*/
>>>
>>>those uppercase macro definitions are established by ./configure at
>>>compile time.
>>>
>>>the reasoning here was to allow sftp-ish functionality via scp. listing
>>>and manipulating files and directories are all within the domain of
>>>scponly.
>>>
>>>i WILL correct the documentation so that people will not be surprised by
>>>this behaviour in the future.
>>>
>>>i may also make the configuration parameters more granular for this
>>>behaviour. check back in 4.1
>>
>>If I may, I'd suggest you also add this as a configure switch (commands
>>or not). In my case I want ssh killed, scp only (as in the command). I
>>had not expected anything like this since I specified the --disable-sftp
>>option. Perhaps a --disable-ssh-completely option?
>>
>>Thanks for the quick response!
>>
>>
>>>Terry Gliedt wrote this message on Thu, Dec 16, 2004 at 16:02 -0500:
>>>
>>>
>>>>On node 's', I fetched the latest code, compiled like this:
>>>>
>>>>make clean
>>>>rm -f config.cache
>>>>./configure --disable-sftp --disable-winscp-compat \
>>>> --disable-gftp-compat --enable-rsync-compat
>>>>make
>>>>make install
>>>>
>>>>Added /usr/local/bin/scponly to /etc/shells. Added this user:
>>>>
>>>>usera:x:505:100:Example user:/home/usera:/usr/local/bin/scponly
>>>>
>>>>I tried various scp commands to 'usera@s' which behaved as expected. On
>>>>another machine I did
>>>>
>>>>ssh usera@s ls -la
>>>>
>>>>and got back the results of 'ls'. I was pretty surprised. What have I
>>>>missed?
>>>
--
=============================================================
Terry Gliedt tpg at umich.edu http://www.hps.com/~tpg/
Biostatistics, Univ of Michigan Personal Email: tpg at hps.com
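An added example, not from this thread and not scponly's own source: a small C model of the compile-time command allow-list that wby oblyr quotes above. It shows how the first word of an incoming ssh request is matched against a table whose navigation entries (ls, chmod, rm, ...) are compiled in or out by a configure-time macro. The macro name ALLOW_SCP2_NAV, the function name command_allowed and the program paths are assumptions for the example, not scponly's ENABLE_SCP2 or its PROG_* values. Compiled as written (macro undefined) only scp is accepted, which is the behaviour Terry was after; compiling with -DALLOW_SCP2_NAV brings the navigation commands back.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a compile-time command allow-list (not scponly's
 * own code). A configure-time macro decides whether the "navigation"
 * helpers are compiled in; ALLOW_SCP2_NAV stands in for scponly's
 * ENABLE_SCP2. The program paths below are assumed for the example. */
#ifdef ALLOW_SCP2_NAV
#define NAV 1
#else
#define NAV 0
#endif

struct allowed_prog {
    const char *path;   /* full path the restricted shell would exec */
    int enabled;        /* 1 = compiled in, 0 = compiled out */
};

static const struct allowed_prog allowed[] = {
    { "/usr/bin/scp", 1 },     /* the file-transfer helper itself: always on */
    { "/bin/ls",      NAV },
    { "/bin/chmod",   NAV },
    { "/bin/chgrp",   NAV },
    { "/bin/mkdir",   NAV },
    { "/bin/rmdir",   NAV },
    { "/bin/mv",      NAV },
    { "/bin/rm",      NAV },
    { NULL,           0 }
};

/* Return 1 if the first word of the requested command names an enabled
 * program, 0 otherwise. A bare name must match the basename of the
 * configured path; a name containing '/' must match the configured path
 * exactly, so "/tmp/scp" is not mistaken for "/usr/bin/scp". Any shell
 * metacharacter is refused outright: the request is meant to be exec'd
 * directly, never handed to a shell. */
int command_allowed(const char *cmdline)
{
    char word[256];
    size_t n;
    const struct allowed_prog *p;

    if (strpbrk(cmdline, ";|&`$<>()\n") != NULL)
        return 0;

    while (*cmdline == ' ' || *cmdline == '\t')
        cmdline++;
    n = strcspn(cmdline, " \t");
    if (n == 0 || n >= sizeof word)
        return 0;
    memcpy(word, cmdline, n);
    word[n] = '\0';

    for (p = allowed; p->path != NULL; p++) {
        const char *base = strrchr(p->path, '/') + 1;
        if (!p->enabled)
            continue;
        if (strchr(word, '/') ? strcmp(word, p->path) == 0
                              : strcmp(word, base) == 0)
            return 1;
    }
    return 0;
}

/* Demonstration: the two requests from the thread, plus two that a
 * restricted shell should refuse regardless of configuration. */
int main(void)
{
    const char *requests[] = {
        "scp -t /home/usera/data",   /* what scp sends to the remote side */
        "ls -la",                    /* the command that surprised Terry */
        "/tmp/scp -t /home/usera/x", /* wrong path: refused */
        "scp -t x; ls",              /* metacharacter: refused */
    };
    size_t i;
    for (i = 0; i < sizeof requests / sizeof requests[0]; i++)
        printf("%-28s -> %s\n", requests[i],
               command_allowed(requests[i]) ? "allowed" : "refused");
    return 0;
}
```

The single NAV flag reproduces the all-or-nothing behaviour the thread complains about; the granular switch wby oblyr mentions for 4.1 would amount to giving each table entry its own configure-time macro instead of sharing one.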