[scponly] scponly 4.2 released (IMPORTANT SECURITY FIXES)
Kaleb Pederson
kpederson at mail.ewu.edu
Thu Dec 22 12:01:38 EST 2005
On Thursday 22 December 2005 8:54 am, csnyder wrote:
> On 12/22/05, user <user at dhp.com> wrote:
[snip]
> > So ... do I understand correctly - the scponly shell does not support scp
> > by default anymore ?
> >
> > If the default does not support scp and rsync, does that mean 0% of all
> > scponly admins will ever install the default ? What would you do with
> > the default install ?
>
> ... and maybe it should be named "sftponly" now?
Perhaps there is a misunderstanding?
$ ./configure --help | egrep "scp|rsync"
`configure' configures scponly 4.2 to adapt to many kinds of systems.
--enable-winscp-compat enable winscp (and scp) compatibility
--enable-scp-compat enable scp compatibility
--enable-rsync-compat enable rsync compatibility
install chrooted binary 'scponlyc'
That seems like a far cry from sftponly? Just a change to the default? Don't
most sysadmins look at the help before they install?
> I believe in "secure by default" but this seems like it might be
> taking it a little too far. Is disabling scp really the only way to
> accomplish this?
Isn't this like turning off all the services on a Linux box that you deliver
to someone? They have the option of turning on the "service" if they want.
--Kaleb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20051222/56a04f23/attachment.bin
More information about the scponly
mailing list