[scponly] .ssh

Tony J. White tjw at webteam.net
Tue Feb 10 16:33:47 EST 2004


> "Next we need to set the home directory for this scponly user.
> please note that the user's home directory MUST NOT be writeable
> by the scponly user.  this is important so that the scponly user
> cannot subvert the .ssh configuration parameters.
> 
> "for this reason, a writeable subdirectory will be created that
> the scponly user can write into."
> 
> Can someone please explain how this could be a security vulnerability? I
> used scpjailer, and it doesn't seem to create any .ssh configuration
> parameters.

I think this issue has been covered on the scponly mailinglist some time ago.
You'll have to search the archives to find the discussion.

Basically, if the user has write access to his/her home directory, the
user inherits the right to change some OpenSSH configuration via the
$HOME/.ssh directory.  This is Bad.  See:

http://xforce.iss.net/xforce/xfdb/9913

scpjailer follows the same rule documented in chroot_setup.sh.  That is,
do not give the user write permission to ANYTHING in the chroot directory
except possibly one subdirectory that is not the users $HOME.

I believe it is possible to setup OpenSSH in such a way to make it safe
to give the user write access to his/her home directory (by limiting 
or elminating the use of $HOME/.ssh), but I don't know the details for
doing so.  Even so, this would probably be a global change that would likely 
cause problems for non scponly users.

-Tony

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20040210/0806decd/attachment.bin


More information about the scponly mailing list