Hi,
On Tue, Mar 29, 2011 at 06:31:07PM +0200, Mike Gabriel wrote:
On Di 29 Mär 2011 16:55:50 CEST Alexander Wuerstlein wrote:
On 11-03-29 15:36, Dick Kniep <dick.kniep@lindix.nl> wrote:
An authorized user running commands over ssh is not a security problem at all. It works as intended. ssh provides shells.
As Reinhard has mentioned in another post: Dicks setup requires a
complete lock-down-kiosk-mode-kind-of-thing. He wants a user to be able to run a small set of commands only (i.e. the rootless applications he wants to provide to his customers). From his perspective AFAIK a user logged in via SSH is a security issue. May it be so.The $SSH_ORIGINAL_COMMAND contains the original command that the client wants to execute on the server. This command is checked against the allowed commands for the user within the wrapper.
From the invocation I infer, that the intended language for the wrapper is shellskript. This is extremely dangerous if intended as a security measure like you claim. Also please note that it is very hard to write such wrappers in a secure way, such that stuff like e.g. 'allowed_command foo bar ; evil_command' is not possible.
This is a very worthy remark!!! I also think that it needs quite an
effort to script such a wrapper (and have it accepted in X2go
upstream!!!)
An example for rsync via SSH can be found at: http://troy.jdmz.net/rsync/index.html
The validate-rsync script there can be used as a starting point.
Regards, Erik
Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ auerswald@fg-networking.de Tel: +49-631-4149988-0 Fax: +49-631-4149988-9
Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630