[joe@sublimation.org: Re: [scponly] root login disabled]
wby oblyr
joe at sublimation.org
Mon Feb 13 13:43:07 EST 2006
It is best to think of scponly as a restricted shell. Given that the super-user is not constrained, the root user
would be able to subvert the scponly restricted shell and execute arbitrary commands, defeating the purpose of
scponly.
This is a more concrete example of what can go wrong if users are allowed to modify the contents of their .ssh
subdirectory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1469
joe
Sébastien Georget wrote this message on Mon, Feb 13, 2006 at 15:59 +0100:
> Hi,
>
> I'm trying to sync some servers using scponly/rsync and I want to
> preserve permissions across all hosts.
> I created a dedicated user with uid 0 (and scponly as shell) but I got
> the following message: "root login denied".
>
> The README says that it is a security check, I don't understand why?
> If root login should be disallowed, it could be done at the ssh level.
>
> Does someone have a better idea than patching scponly to sync the servers
> preserving perms?
>
> Thx.
> Sébastien
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
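
An added example, not part of the original message or of scponly itself: a Python audit of passwd entries whose login shell is scponly, reporting accounts with uid 0 and accounts whose mode bits let them write to their home or .ssh directory. The shell names `scponly`/`scponlyc`, the finding labels and the sample passwd entries are assumptions constructed for illustration.

```python
import os, stat, tempfile

SCPONLY_SHELLS = {"scponly", "scponlyc"}  # assumed names of the installed shell binaries

def writable_by(st, uid, gid):
    """Mode-bit check for one account (supplementary groups are ignored)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(passwd_path, root="/"):
    """Return sorted (user, issue) pairs for passwd entries whose shell is scponly."""
    findings = set()
    with open(passwd_path) as fh:
        for line in fh:
            f = line.rstrip("\n").split(":")
            if len(f) != 7 or os.path.basename(f[6]) not in SCPONLY_SHELLS:
                continue
            user, uid, gid = f[0], int(f[2]), int(f[3])
            if uid == 0:  # the super-user is not constrained by a restricted shell
                findings.add((user, "uid0"))
            home = os.path.join(root, f[5].lstrip("/"))
            # A writable home lets the account replace .ssh wholesale, so check both.
            for path, issue in ((home, "home-writable"),
                                (os.path.join(home, ".ssh"), "ssh-writable")):
                try:
                    if writable_by(os.stat(path), uid, gid):
                        findings.add((user, issue))
                except FileNotFoundError:
                    pass
    return sorted(findings)

def demo():
    """Audit a constructed tree: alice owns her .ssh, bob does not, rootsync is uid 0."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        for name in ("alice", "bob"):
            os.makedirs(os.path.join(root, "home", name, ".ssh"))
            os.chmod(os.path.join(root, "home", name), 0o755)
            os.chmod(os.path.join(root, "home", name, ".ssh"), 0o755)
        gid = os.stat(os.path.join(root, "home", "bob")).st_gid + 1  # group that owns none of the dirs
        passwd = os.path.join(root, "passwd")
        with open(passwd, "w") as fh:  # constructed sample entries
            fh.write(f"alice:x:{me}:{gid}::/home/alice:/usr/bin/scponly\n"
                     f"bob:x:{me + 1}:{gid}::/home/bob:/usr/local/bin/scponlyc\n"
                     "rootsync:x:0:0::/nonexistent:/usr/bin/scponly\n"
                     "carol:x:1001:1001::/home/carol:/bin/bash\n")
        return audit(passwd, root)
```

Against a live system, `audit("/etc/passwd")` runs the same checks on the real account database.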