SFTP to /bin/false account?

Derek Martin invalid at pizzashack.org
Mon Mar 15 15:30:01 EST 2004 

On Mon, Mar 15, 2004 at 03:01:18PM -0500, Cole Tuininga wrote:
> > The good news is, you can still get what you want.  I wrote a dummy
> > shell called rssh which does this for you.  It can even handle
> > chrooting the user to a jail, if you can set up a chroot jail
> > properly.  I include some documentation on how to set up a jail, but
> > the specifics are, well, somewhat system-specific.  :)  If you're on a
> > recent Red Hat system, the instructions should basically work for you.
> 
> Great - I'm checking this out.  I have two questions:
> 
> 1) During compilation, I got a couple of errors that tell me:
> 
> Using 'getpwuid' in statically linked applications requires at runtime
> the shared libraries from the glibc version used for linking
> 
> Should I be concerned?

Probably.  Are you running OpenSSH 3.4 or older?  If so, rssh will
compile statically to work around a security hole.  I highly recommend
upgrading to OpenSSH 3.5 or later.  In that case, there is no need to
compile statically.

For details, see http://www.pizzashack.org/rssh/security.shtml

If this is NOT the case, then I'm not sure why you'd be seeing these
messages.  Can you post the output to configure?

> 2) I've tried setting it up as a shell for a test user.  However, it
> seems to be not allowing me to sftp or scp?  

RTFM...  :)  You need to include allowscp and/or allowsftp in the
configuration file.  Or, if you've created a per-user entry for your
test user, you need to set the appropriate bits in the access field.

If you think that's all set, then please also include your config file
and any relevant details of what you're doing.  FWIW, there's an rssh
mailing list, too.  Very low traffic, mostly me answering questions.
I also announce new releases and such there.

Uh, anyway, it's 5:30am here, and I need to go to bed.  I'll be happy
to help out further if you need it, but you'll have to wait about 12
hours. :)

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
Despite the ever-increasing complexities of human society and the advancement
of science and technology, the most perplexing problems that face most people
remain what to eat for lunch today, and who to sleep with tonight.
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20040315/5d63ee0c/attachment.bin

More information about the gnhlug-discuss mailing list