x2go-commits October 2014

x2go-commits@lists.x2go.org

2 participants
478 discussions

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:59 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788512 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [secure ssh access] User : woglinde @@ -26,14 +26,25 @@ ====== secure ssh access ====== - To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the usrs can run any other shell or commands over + To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the users can run any other shells or commands over ssh. Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. <note> Match group rbrowser ForceCommand sshcommand </note> - ForceCommand only works for a sshd matching section. - So you can dedicate the rbash to a certain group. + ForceCommand only works for a sshd matching section. So you can dedicate the rbash to a certain group. + + **sshcommand** is a small shell script to wrap the rbash usage, + + <code bash> + #!/bin/sh + PATH=/opt/rbash/bin + if test -n "$SSH_ORIGINAL_COMMAND"; then + /bin/rbash -c "$SSH_ORIGINAL_COMMAND" + else + /bin/rbash + fi + </code> -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:48 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788451 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [secure ssh access] User : woglinde @@ -26,13 +26,14 @@ ====== secure ssh access ====== - To make sure the users can only access rbash, setup ssh to use **ForceCommand** + To make sure the users can only access rbash, setup ssh to use **ForceCommand**, otherwise the usrs can run any other shell or commands over + ssh. Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. <note> Match group rbrowser ForceCommand sshcommand </note> ForceCommand only works for a sshd matching section. So you can dedicate the rbash to a certain group. -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:47 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788423 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [secure ssh access] User : woglinde @@ -28,11 +28,11 @@ ====== secure ssh access ====== To make sure the users can only access rbash, setup ssh to use **ForceCommand** - Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. ForceCommand only works for a sshd matching section. - So you can dedicate the rbash to a certain group - + Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. <note> Match group rbrowser ForceCommand sshcommand </note> + ForceCommand only works for a sshd matching section. + So you can dedicate the rbash to a certain group. -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:47 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788378 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [secure ssh access] User : woglinde @@ -29,9 +29,10 @@ ====== secure ssh access ====== To make sure the users can only access rbash, setup ssh to use **ForceCommand** Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. ForceCommand only works for a sshd matching section. + So you can dedicate the rbash to a certain group <note> Match group rbrowser ForceCommand sshcommand </note> -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:46 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788178 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [secure ssh access] User : woglinde @@ -27,4 +27,11 @@ ====== secure ssh access ====== To make sure the users can only access rbash, setup ssh to use **ForceCommand** + + Therefore edit /etc/ssh/sshd_config and put the the following lines at the end. ForceCommand only works for a sshd matching section. + + <note> + Match group rbrowser + ForceCommand sshcommand + </note> -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:42 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788048 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [secure ssh access] User : woglinde @@ -26,4 +26,5 @@ ====== secure ssh access ====== + To make sure the users can only access rbash, setup ssh to use **ForceCommand** -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:40 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414788035 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [Set the shell with Samba] User : woglinde @@ -20,12 +20,10 @@ This means if you are able to access the bash executebale via the PATH-variable (remind full path like /bin/bash are not allowed), you can break out the rbash. - ===== Set the shell with Samba ===== - For samba set the following parameter in the smb.conf: - <note important> template shell = /bin/rbash</note> + ====== secure ssh access ====== -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: wiki:security:rbash
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 20:40 Browser : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash?rev=1414349398 New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash Edit Summary: [Set rbash as default shell] User : woglinde @@ -19,11 +19,8 @@ But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash. This means if you are able to access the bash executebale via the PATH-variable (remind full path like /bin/bash are not allowed), you can break out the rbash. - ====== Set rbash as default shell ====== - - Depending on the user setup, there are serval options to set the default shell for the users to rbash. ===== Set the shell with Samba ===== For samba set the following parameter in the smb.conf: <note important> template shell = /bin/rbash</note> -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: events:x2go-gathering-2014
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 17:10 Browser : Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/events:x2go-gathering-2014?rev=1414775416 New Revision: http://wiki.x2go.org/doku.php/events:x2go-gathering-2014 Edit Summary: [Friday 2014-10-31] User : sunweaver @@ -73,9 +73,9 @@ | 21:00-22:00 | Stefan, Mihai, Uwe, Mike#2 | ^ Time slot ^ Topic ^ Speaker / Moderator ^ Comment ^ - | 19.00h | Welcome to X2Go Gathering | //Mike Gabriel// and //Heinz Graesing// | Organizational information | + | 19.00h | Welcome to X2Go Gathering | //Mike Gabriel// and //Heinz-M. Graesing// | Organizational information | | 19.45h | Pizza ||| | 21.00h | Show-And-Tell: TCE-NG, electronic GloveBox, X2GoClient on non-rooted Android (within a Debian Wheezy chroot), Unity Greeter / Remote Login to X2Go Sessions ... || Everyone's chance to present their X2Go use case, latest developments, spinoffs, ... | | 22.00h and beyond | open coding session / setup of video equipment / introduction to bugtracker use (for the uninitiated ...) ||| -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

page changed: events:x2go-gathering-2014
by wiki-admin＠x2go.org 31 Oct '14

31 Oct '14

A page in your DokuWiki was added or changed. Here are the details: Date : 2014/10/31 17:10 Browser : Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 IP-Address : 79.228.221.115 Hostname : p4FE4DD73.dip0.t-ipconnect.de Old Revision: http://wiki.x2go.org/doku.php/events:x2go-gathering-2014?rev=1414759640 New Revision: http://wiki.x2go.org/doku.php/events:x2go-gathering-2014 Edit Summary: [Friday 2014-10-31] User : sunweaver @@ -73,9 +73,9 @@ | 21:00-22:00 | Stefan, Mihai, Uwe, Mike#2 | ^ Time slot ^ Topic ^ Speaker / Moderator ^ Comment ^ - | 19.00h | Welcome to X2Go Gathering | //Mike Gabriel// | Organizational information | + | 19.00h | Welcome to X2Go Gathering | //Mike Gabriel// and //Heinz Graesing// | Organizational information | | 19.45h | Pizza ||| | 21.00h | Show-And-Tell: TCE-NG, electronic GloveBox, X2GoClient on non-rooted Android (within a Debian Wheezy chroot), Unity Greeter / Remote Login to X2Go Sessions ... || Everyone's chance to present their X2Go use case, latest developments, spinoffs, ... | | 22.00h and beyond | open coding session / setup of video equipment / introduction to bugtracker use (for the uninitiated ...) ||| -- This mail was generated by DokuWiki at http://wiki.x2go.org/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

x2go-commits October 2014