[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Shell Accounts....

Subject: Re: [cobalt-security] Shell Accounts....
From: Brent Sims <brent@xxxxxxxxxxx>
Date: Fri, 2 Jun 2000 17:29:09 -0600 (MDT)

On Fri, 2 Jun 2000, Thomas Fosbenner Jr. so wrote:

} When I add a shell account under my main site, that person can log in and go
} into my web directory and look around. I am concerned by this because we
} have a web mail system and I logged in under a normal user and I could go in
} and read messages from that directory. Is there any way to limit my users to
} there directory only?

	While it is possible to set up a chroot (change
root) enviornment for telnet, it isn't easy to do and it certainly
is not pretty. There is, however, a viable solution that is fairly
easy to deal with.

	I believe the lastest version of SSH (not the GNU SSH) but
the commercial offering, provides an easy to manage chroot
enviornment. The downside is that your clients would need an SSH
client to access the shell. There are some free one's available (I
use Putty on my Windows machine) but I don't know if they're
compatible with SSH 2.x. The RSA patent that makes this complex
expires in September so an end is in site though.

	Peace be with you,
	
	Brent
	
	Brent Sims
	WebOkay Internet Services
	http://www.WebOkay.net
	Brent@xxxxxxxxxxx
	(719) 595-1427 (Voice/Fax)

References:
- [cobalt-security] Shell Accounts....
  - From: Thomas Fosbenner Jr.

Prev by Date: [cobalt-security] Shell Accounts....
Next by Date: Re: [cobalt-security] Puzzle
Previous by thread: [cobalt-security] Shell Accounts....
Next by thread: [cobalt-security] Re: Different SSH & Admin password on Qube2

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index