Talk:SSH, limiting to SCP or Rsync only
(security concern with scpftprsynconly) |
(→Security aspect) |
||
Line 38: | Line 38: | ||
You should probably not rely on scpftprsynconly to PREVENT users from executing programs on your machine, | You should probably not rely on scpftprsynconly to PREVENT users from executing programs on your machine, | ||
./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd' | ./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd' | ||
− | Will execute the givemeshell command with some obscure arguments. | + | Will execute the givemeshell command with some obscure arguments. To get a shell with this inplace, upload a script/program that reverse connect or what you want then just: |
− | ssh | + | ssh foo@barhost "scp -S echo asd asd:asd" |
Probably should mention this in the article.. | Probably should mention this in the article.. | ||
--[[User:Ice|Ice]] 04:51, 4 November 2007 (EST) | --[[User:Ice|Ice]] 04:51, 4 November 2007 (EST) |
Revision as of 06:06, 4 November 2007
just btw
# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly
scpsftprsynconly.c: In function ‘main’:
scpsftprsynconly.c:48: error: expected ‘)’ at end of input
scpsftprsynconly.c:48: error: expected declaration or statement at end of input
#
Tried running this on a CentOS box and this is what I'm getting. dubl-U Tee Eff Mmm8.
--Dave 12:25, 22 October 2007 (EDT)
just guessing, really
since I don't know shit, but I added a } before the #ifdef DEBUG section and now I'm getting:
[root@web ~]# gcc scpsftprsynconly.c -o /usr/local/bin/scpsftprsynconly
scpsftprsynconly.c:45: error: expected identifier or ‘(’ before ‘if’
scpsftprsynconly.c:49: error: expected identifier or ‘(’ before ‘if’
[root@web ~]#
which is in the first lines of
if (argc < 3) {
    printf (restrictmsg);
    return 1;
}
if ((strncmp (argv [2], "scp ", 4) != 0)
wha?
--Dave 13:41, 22 October 2007 (EDT)
somebody oopsed on a kill-the-spam edit
The problem you were having was that a good samaritan who manually edited the article to remove spam accidentally damaged the code a while back. I looked through history on the article and reverted to prior to the damage. --Jimbo 15:20, 22 October 2007 (EDT)
Security aspect
You should probably not rely on scpsftprsynconly to PREVENT users from executing programs on your machine,
./scpsftprsynconly foo 'scp -S givemeshell asd asd:asd'
Will execute the givemeshell command with some obscure arguments. To get a shell with this in place, upload a script/program that reverse connects or whatever you want, then just:
ssh foo@barhost "scp -S echo asd asd:asd"
Probably should mention this in the article..
--Ice 04:51, 4 November 2007 (EST)
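An added example, not the article's code and not written by any of the commenters above: the prefix test quoted earlier on this page next to a stricter allowlist check that accepts only the `scp -t <path>` / `scp -f <path>` forms an scp client asks the server to run. The function names, the flag allowlist and the metacharacter set are assumptions, and the sample requests are constructed apart from the `-S` string taken from this page.

```c
#include <stdio.h>
#include <string.h>

/* The prefix test quoted on this page: anything starting with "scp " passes. */
static int prefix_check(const char *cmd) {
    return strncmp(cmd, "scp ", 4) == 0;
}

/* Assumed set of characters to refuse in case the command later reaches a shell. */
#define META ";&|`$<>(){}\\\"'\n\r\t*?[]~!#"

/* Hypothetical stricter check: "scp", then flags from a fixed allowlist with
 * exactly one of -t/-f, then exactly one path (paths with spaces are refused). */
static int strict_scp_check(const char *cmd) {
    int mode = 0, paths = 0, first = 1;
    const char *p = cmd;

    if (strpbrk(cmd, META)) return 0;
    for (;;) {
        p += strspn(p, " ");              /* skip separators */
        size_t n = strcspn(p, " ");       /* length of the next token */
        if (n == 0) break;
        if (first) {
            if (n != 3 || strncmp(p, "scp", 3) != 0) return 0;
            first = 0;
        } else if (paths == 0 && p[0] == '-') {
            /* Single-letter flags only; -S and -o are not on the list. */
            if (n != 2 || strchr("rpdvtf", p[1]) == NULL) return 0;
            if (p[1] == 't' || p[1] == 'f') mode++;
        } else {
            paths++;                      /* anything after the path counts too */
        }
        p += n;
    }
    return mode == 1 && paths == 1;
}

int main(void) {
    /* Constructed sample requests; the second is the string from this page. */
    const char *samples[] = { "scp -t /home/foo/upload",
                              "scp -S givemeshell asd asd:asd",
                              "scp -r -p -f backup", "scp -t x; id" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-32s prefix=%d strict=%d\n", samples[i],
               prefix_check(samples[i]), strict_scp_check(samples[i]));
    return 0;
}
```

A wrapper using a check like this should also start the validated command with an exec-family call on the parsed arguments rather than handing the string to a shell.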