Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: ssh environment - circumvention of restricted shells
From: Jose Nazario <jose () monkey org>
Date: Wed, 26 Jun 2002 20:14:26 -0400 (EDT)

i have an older OpenSSH hacked up to allow for secure connections to a
BBS. obviously this is a limited case solution, but it does address some
of the concerns in this note.

first we disallow scp and remote command execution via modifications to
ssh. this is for SSH-1.5 only, so the daemon is configured for that only.
secondly, we dont let the user write to their home directory or do much of
anything on the machine except connect to the BBS, mainly via permissions.
their shell hardcodes restrictions on their telnet to loopback. oh yeah,
the patch also hacks in the username "bbs-user", so now people can ssh
bbs.host.com and get there without issues. resource limits and quotas
minimize any impact that an attack can cause.

its not perfect, but it does the job and stops most attacks. the code is
available here:

        http://www.heiho.net/bbs100/ssh_patch.txt
        http://www.heiho.net/bbs100/bbs_shell.txt

hope that helps some people solve a part of this problem. i agree totally
with markus, though, that the real issues are configuration errors.

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]