Re: Building 2.6.10 kernel for Debian and ncurses
From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 01/24/05
- Next message: Nico Kadel-Garcia: "Re: How can I know which Fedora core it is (we have Fedora machine)?"
- Previous message: Deon: "Install Potato then Woody OR strainght to Woody?"
- In reply to: John Beardmore: "Re: Building 2.6.10 kernel for Debian and ncurses"
- Next in thread: Peter T. Breuer: "Re: Building 2.6.10 kernel for Debian and ncurses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 24 Jan 2005 04:23:46 -0500
"John Beardmore" <wookie@wookie.demon.co.uk> wrote in message
news:rsfTqZ16+98BFwJj@wookie.demon.co.uk...
> I thought that's more or less what ScpOnly offered ? To quote the home
> page, http://www.sublimation.org/scponly/
>
> "scponly" is an alternative 'shell' (of sorts) for system
> administrators who would like to provide access to remote
> users to both read and write local files without providing any
> remote execution privileges. Functionally, it is best
> described as a wrapper to the "tried and true" ssh suite of
> applications.
You really need to read Richard Silverman's book. Restricting SSH by
replacing the shell is, umm, how can I put this politely: "only effective
against honest people".
> A typical usage of scponly is in creating a semi-public
> account not unlike the concept of anonymous login for ftp.
> This allows an administrator to share files in the same way
> an anon ftp setup would, only employing all the protection
> that ssh provides. This is especially significant if you
> consider that ftp authentications traverse public networks
> in a plaintext format.
Unless you need to preserve things like file permissions, which scponly does
not do so far as I know because SCP itself does not handle symlinks very
cleverly, I suggest that you'd be a lot better with WebDAV over HTTPS.
>> I highly recommend Richard Silverman's book on SSH, and hopping
>> over to the SSH newsgroups for more details.
>
> Hmmm... I was hoping that having moved to ScpOnly I could avoid having to
> learn loads more about this. Given what ScpOnly claims to do, will time
> invested in reading the book and the news group really make my world a
> safer place ?
Claiming that a user shell does a true chroot, and actually doing a chroot,
are two very different things. I'm curious about how ScpOnly actually works,
but have my serious doubts unless it's operating at the level of the sshd
process itself.
>> and just want them to
>> securely exchange files without shell access, look into WebDAV running under
>> Apache using HTTPS. I've used it extremely effectively for exactly that sort
>> of access, and graphical drag&drop is built into Windows, the Konqueror web
>> browser, and published Java widgets for other OS's.
>
> In our case, although the end users have to enter user IDs and passwords
> manually, the actual communication is managed from a VB6 user interface to
> an accountancy training simulation.
>
> I see WebDAV has a .NET component available, but I don't think we'd want
> to port from VB6 to .NET just to use a nicer file transfer tool. Mind
> you, our current practice of shelling out to pscp, while fairly robust,
> looks pretty ugly.
Ouch. Yeah, I see that.....