Archive for 'OpenSSH'

Chroot’ing users with openssh

I recently learned about the new ChrootDirectory in OpenSSH 5.2, and wanted to play around with it to see what it was capable of. To begin my quest, I started off by creating a couple of users that would be chroot’ed to their home directories when they logged into the server with sftp. Once the [...]

OpenSSH’s VPN

Most SSH clients have the ability to perform local and remote port forwarding. This is a pretty neat use of SSH if you haven’t ever seen it before. OpenSSH can take it one step further and provide a full VPN solution encrypting all network traffic on all ports between two machines. This is pretty powerful [...]

Respect my ~/.Xauthority !#@$!

South Park is a hilarious show, and I think that Cartman is the best character. One of Cartman’s classic lines is “YOU WILL RESPECT MY AUTHORITAH!#!” So Cartman wasn’t a Unix geek and wasn’t talking about X11 Forwarding / SSH, but maybe there is a moral to the story. You have to execute some sort of [...]

Chroot capabilities in sshd

I just looked over the sshd 4.9 release notes, and came across this gem: * Added chroot(2) support for sshd(8), controlled by a new option “ChrootDirectory”. Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352) This is awesome, and should negate the need to use pam_chroot! Nice!

When SSH permissions bite!

Last week I set up several Linux and Solaris hosts to use key based authentication. For some reason two of the hosts continued to prompt me for a password, even though the server and client were configured correctly to use DSA keys (I was using the same config on all of the servers, so I [...]

Limiting access to OpenSSH features with the Match keyword

With the introduction of OpenSSH 4.3p2, Darren Tucker introduced the “Match” keyword. This super nifty keyword can be used to limit features to specific users, hosts and groups, and allows administrators to enforce granular feature access (e.g., key-based authentication can only be used from specific hosts or subnets). To use the Match feature, the Match [...]
