On Thu, Feb 28, 2013 at 8:08 AM, Andrew Hume <and...@research.att.com>wrote:
> if they were using sftp, there are numerous pages detailing how to setup > jails > and configure sshd to only do sftp-server. how do i do that for scp? > by experiment, i can probably set up a jail and just have the scp binary, > but this seems a fair bit of work for what i would have thought to be a > somewhat > common case. > scp relies on general execution ability on the remote machine, so securing it requires securing general ssh. This is because ssh / scp generally tries to behave like rsh / rcp, which infamously were not very concerned with notions of security. Subsystems such as sftp get extra support, but nobody has yet taken the leap of giving up on pretending to be an ancient insecure protocol suite and redoing scp as a subsystem. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
