Bots United start a Sourceforge project?

[Onno Kreuzinger]

i know you wont get a login shell, we tried to use scp instead of ftp on this server and it failed because the login shell for ftp accounts is /bin/false.
this does work as expected, i should have said "allow login, but choose shell to be /bin/false".

i'd rather have ftp open that allow ppl. to exec /bin/bash

PMB and me tried our "best" to break into the servers root account, but both failed, the ftp exploits as well as the local shell exploits, so as of feb 2004 i consider this server to be safe, realy safe

[Terran]

If you set the users shell to /bin/false you will not be able to use portforwarding as the connection is terminated immediately after login.

I still don't get how you want to make sure that the ssh service can only be used for this special purpose. It's simply not designed for this kind of application. You will always need some tools which will do the trick.

What might be possible is giving the user a special restricted shell (e.g. rbash) which only allows the execution of some definable programs (in this case the cvs tools). But I havn't tested this for the use with cvs, maybe it's restrictions are to restrictive as e.g. cd is not allowed.

One thing I've learned in the last 11 years as system administrator:
The only secure system is one without any connections - including the power line.

[Onno Kreuzinger]

nope, ssh2 has exactly those features build in, restriction to certain programs to be executed (and only those), or restriction to not login (login=request pty) but only do portforwarding.

i will do so and give you a test login

[Terran]

Ok, I'm looking forward how you solve those topics .