LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-27-2003, 11:28 PM   #1
retep
Member
 
Registered: Sep 2003
Distribution: RedHat/Debian
Posts: 50

Rep: Reputation: 15
Is Restricted SSH Access Possible?


I have a program that I want certain users to access. I want access to that program to be secure (so what is typed and sent back is encrypted). The program is an admin shell for the server. It will give the user the ability to perform various tasks, like catting a particular file, running screen, running uptime, mail commands, and a bit of socket manipulation.

If push comes to shove, I’ll implement this as a web application. But there are certain things (like the screen functionality) which are really best done via my preferred option, SSH. However, SSH seems to open up too many security issues.

For example…

Is there anyway I can prevent the user from accessing anything else besides that one program?

I can set their login (in /etc/passwd) so they run my script on login. But I understand there are ways to bypass this (at least, it can be bypassed if they run su). Or perhaps they use the SSH connection to just run a command (vs. opening a shell).

Also, if I give them ssh access, can I prevent them from having scp access?

Is there a way to ensure that any ssh-related access is via a chrooted environment?

And I’ve probably missed a bunch of other issues as well.

Does anyone have any suggestions for providing ‘locked down’ SSH access (URLs or details appreciated). Or should I break out the PHP and go for a web application?
 
Old 09-28-2003, 12:31 AM   #2
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
I'd go php - can still use ssl if you want crypto.
 
Old 09-28-2003, 12:35 AM   #3
retep
Member
 
Registered: Sep 2003
Distribution: RedHat/Debian
Posts: 50

Original Poster
Rep: Reputation: 15
PHP will do about 95% of what I need. And it's 'known'. However, ideally I want to run screen which isn't something that php can wrap. So PHP (over SSL) is still plan B.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Webmin Restricted Access newinlinux Debian 4 11-28-2005 10:47 PM
Restricted access sachinh Linux - Security 2 09-29-2004 04:30 AM
can't set restricted access thebravenoob Linux - Wireless Networking 2 03-19-2004 01:48 PM
php access restricted file Riley Programming 1 07-20-2003 01:45 PM
SSH user IP restricted access??? ifm Linux - Security 3 07-21-2002 12:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration