SCIENTIFIC-LINUX-USERS Archives

December 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: [suggest] OpenSSH 4.9 (or later?)
From:
Michael Mansour <[log in to unmask]>
Reply To:
Michael Mansour <[log in to unmask]>
Date:
Wed, 2 Dec 2009 21:45:08 +1100
Content-Type:
text/plain
Parts/Attachments:
text/plain (143 lines) 
> Just downloaded to server now
> About to install, pity it wasn't available via yum :(

Maybe this is then something that can be added to the repo?

I just went to the website for the RPMBuild component:

http://lshell.ghantoos.org/RPMBuild

and noticed:

"Thank you Michael Mansour for this excellent tip!"

I advised the developer some months back how to make his package easier to
build in RPM etc but didn't realise he credited me on his web page :)

Michael.

> On Wed, Dec 2, 2009 at 9:33 PM, Michael Mansour <[log in to unmask]> wrote:
> 
> > > noooooo don't give me more choices !!! >.<
> > >
> > > :)
> > > I'm trying to make sense of the man pages about chrooting but can't
> > > seem to figure out files to copy where to configure it properly.
> > > I'll look at lshell too.
> >
> > My point exactly. lshell is easy.
> >
> > With OpenSSH though, you typically don't need to copy libraries into the
> > chroot jail unless you're using SFTP. I looked at the latest OpenSSH about
> > a
> > year ago and I believe for ssh and scp they manage to use the shared
> > libraries
> > but with sftp they couldn't.
> >
> > Anyway, save your time and just use lshell, you'll find it straight
> > forward.
> >
> > Regards,
> >
> > Michael.
> >
> > > On Wed, Dec 2, 2009 at 9:13 PM, Michael Mansour <[log in to unmask]> wrote:
> > >
> > > > Hi,
> > > >
> > > > > The chroot feature was implemented (backport) in version 4.3p2-
> > > > > 36.el5 of OpenSSH in RHEL 5, see [1].
> > > > >
> > > > > [1] http://rhn.redhat.com/errata/RHSA-2009-1287.html
> > > > > - -
> > > > > Patrick
> > > >
> > > > I've used (for years) lshell (Limited Shell). It's extremely powerful
> > and
> > > > flexible and available in RPM form.
> > > >
> > > > I haven't tried the new chroot feature of OpenSSH but when it takes a
> > few
> > > > minutes to setup chroot and limited shell access with lshell, I see no
> > > > reason to.
> > > >
> > > > RPM details are as follows:
> > > >
> > > > Name        : lshell                       Relocations: /usr
> > > > Version     : 0.9.6                             Vendor: Ignace
> > Mouzannar
> > > > (ghantoos) <[log in to unmask]>
> > > > Release     : 1                             Build Date: Thu 10 Sep 2009
> > > > 04:25:19 AM EST
> > > > Install Date: Mon 09 Nov 2009 03:18:02 PM EST      Build Host:
> > > > raoul-centos5
> > > > Group       : System Environment/Shells     Source RPM:
> > > > lshell-0.9.6-1.src.rpm
> > > > Size        : 125860                           License: GPL
> > > > Signature   : (none)
> > > > URL         : http://lshell.ghantoos.org
> > > > Summary     : Limited Shell
> > > > Description :
> > > > lshell is a shell coded in Python that lets you restrict a user's
> > > > environment
> > > > to limited sets of commands, choose to enable/disable any command over
> > SSH
> > > > (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing
> > > > restrictions, and more.
> > > >
> > > > Regards,
> > > >
> > > > Michael.
> > > >
> > > > > ----- "Victor" <[log in to unmask]> schrieb:
> > > > > > Just wondering what the thought is with having OpenSSH 4.9 or later
> > > > included as available download on RPM (or even on the official CentOS
> > > > repo's... but don't think i can request that here).
> > > > > >
> > > > > > Reason is I'd like to have the ability for jail'ing users on ssh /
> > sftp
> > > > /
> > > > ftp etc. and 4.9 and above has this support by default so no
> > third-party
> > > > hacks
> > > > needed.
> > > > >
> > > > > > --
> > > > > > Victor ('Daworm')
> > > > > > * Melbourne Wireless Node: KDJ & KDT
> > > > > > * Natural Selection 2 Wiki Sysop (
> > > > http://www.unknownworlds.com/ns2/wiki/ )
> > > > > > * AoCWiki Sysop ( http://aoc.wikia.com/ )
> > > > > > * Twitter: @dawormie
> > > > > >
> > > > > > _______________________________________________
> > > > > > suggest mailing list
> > > > > > [log in to unmask]
> > > > > > http://lists.rpmforge.net/mailman/listinfo/suggest
> > > > > >
> > > > ------- End of Original Message -------
> > > >
> > > > _______________________________________________
> > > > suggest mailing list
> > > > [log in to unmask]
> > > > http://lists.rpmforge.net/mailman/listinfo/suggest
> > > >
> > >
> > > --
> > > Victor ('Daworm')
> > > * Melbourne Wireless Node: KDJ & KDT
> > > * Natural Selection 2 Wiki Sysop
> > > (http://www.unknownworlds.com/ns2/wiki/) * AoCWiki Sysop
> > >  (http://aoc.wikia.com/) * Twitter: @dawormie
> > ------- End of Original Message -------
> >
> >
> 
> -- 
> Victor ('Daworm')
> * Melbourne Wireless Node: KDJ & KDT
> * Natural Selection 2 Wiki Sysop 
> (http://www.unknownworlds.com/ns2/wiki/) * AoCWiki Sysop 
>  (http://aoc.wikia.com/) * Twitter: @dawormie
------- End of Original Message -------

ATOM RSS1 RSS2