SSH user for domain.tld - Printable Version

SSH user for domain.tld - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Suggestions (/forum-2.html)
+--- Thread: SSH user for domain.tld (/thread-7781.html)

Pages: 1 2

RE: SSH user for domain.tld - sci2tech - 09-08-2009 12:54 AM

(09-07-2009 09:51 PM)kilburn Wrote: -) nearly unusable though a shell : if each chroot has just the minimal set of binaries accessible.

But configurable Smile

. And using hard links
Another idea is Busybox that do a great job with this.

RE: SSH user for domain.tld - koko92_national - 09-08-2009 05:45 AM

Hard links are not so offently used by administrators (I think).

RE: SSH user for domain.tld - sseitz - 09-24-2009 12:02 AM

I've recently introduced some proof-of-concept howto and a suggestion on how to implement SSH. Please see: http://www.isp-control.net/forum/thread-7948.html

Hopefully some ispCP developer reads this Wink

RE: SSH user for domain.tld - koko92_national - 09-25-2009 02:38 AM

(09-24-2009 12:02 AM)sseitz Wrote: I've recently introduced some proof-of-concept howto and a suggestion on how to implement SSH. Please see: http://www.isp-control.net/forum/thread-7948.html

Hopefully some ispCP developer reads this

Great!

RE: SSH user for domain.tld - sci2tech - 09-25-2009 03:59 AM

It is close to what I have in mind Wink

RE: SSH user for domain.tld - kassah - 11-06-2010 06:54 AM

I would actually be down with just a normal shell as the right user as long as admin/reseller can turn it on and off. Security will only be as good as it's weakest point, which generally is PHP.

RE: SSH user for domain.tld - frustro - 11-14-2010 02:04 AM

(09-07-2009 09:51 PM)kilburn Wrote:
Quote:If he limits it by username and group name I think it will be all right.

I'm speaking about the chroot concept, not about which permissions should you use. AFAIK chroots are either:
-) insecure : if there is a work-around to allow running binaries from outside the chroot
-) nearly unusable though a shell : if each chroot has just the minimal set of binaries accessible.
-) highly overloaded : if a complete copy/mount --bind/something like this is used so that chroot users have access to all binaries.

It has nothing to do about who you let access the chroot, but how you let him run the binaries.

Bump for jailshell users.

RE: SSH user for domain.tld - jeab101 - 11-18-2010 08:13 PM

Oh. I'm Plans is same.