From: "WARDEN,JON (HP-FtCollins,ex1)"
To: cygwin AT cygwin DOT com
Subject: RE: Single-user Cygwin for improved security under standalone use with OpenSSH
Date: Wed, 9 Jul 2003 18:05:35 -0400

Mark,

This is interesting- it points to a missing part of my description of the situation. I guess this would be called the "security model" of this situation: what is trusted and what is not trusted.

In this situation, the commands (running as "administrator") executed by SSH on behalf of the remote user are assumed "trusted", but the (Windows) commands executed by the non-administrator on the local machine are not trusted. We would like to guard against an attempt by a non-administrator on the local machine to subvert the remote execution of a program via SSH running as administrator.

I think you are right- if it is the incoming SSH connection that is not trusted, it is much better to restrict the commands available than to try to protect the machine itself (including Cygwin) from subversion.

Thanks,
Jon

|
|Jon,
|
|This is coming from a different angle, but have you
|thought of tightening security using the SSH server
|instead? I think you are considering opening up an
|interactive session using SSH in order to execute
|arbitrary commands on the remote system. However, you can
|configure ssh on a per-account basis to use forced
|commands rather than executing whatever program the user
|wants. You can write a script to parse the command sent
|by the user and then execute the appropriate program. You
|can also disable tty and interactive sessions. It seems
|like this might be a simpler approach than trying to
|restrict what an ssh user can do in an interactive session.
|
|The O'Reilly book "SSH, the Secure Shell: The Definitive
|Guide" (see
|http://safari.oreilly.com/0596000111) is an excellent
|source for how to do this.
|
|-Mark
|
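
The forced-command setup described in the quoted message, as an added example that is not part of the original thread. The script path `/usr/local/bin/ssh-dispatch`, the request verbs (`status`, `disk`, `query`), the service names and the key material are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for one authorized_keys entry.
# Hypothetical entry (path and key material are placeholders):
#   command="/usr/local/bin/ssh-dispatch",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER admin@remote
# sshd runs this script whatever the client asks for; the client's request
# arrives in SSH_ORIGINAL_COMMAND. Keep the script and authorized_keys
# writable only by the administrator account.
LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges byte-exact

# Print the fixed command line for an allowed request and return 0;
# return 1 for anything else. Verbs and service names are assumptions.
resolve_command() {
    request=$1
    case $request in
        ''|*[!A-Za-z0-9\ _.-]*) return 1 ;;   # empty, or a character outside the safe set
    esac
    set -f; set -- $request; set +f           # split on whitespace, no globbing
    [ $# -ge 1 ] && [ $# -le 2 ] || return 1
    case "$1 ${2-}" in
        "status ")                 echo "/usr/bin/uptime" ;;
        "disk ")                   echo "/usr/bin/df -k" ;;
        "query sshd"|"query cron") echo "/usr/bin/cygrunsrv --query $2" ;;
        *)                         return 1 ;;
    esac
}

# Run only when started by sshd (which sets SSH_CONNECTION).
if [ -n "${SSH_CONNECTION-}" ]; then
    if cmd=$(resolve_command "${SSH_ORIGINAL_COMMAND-}"); then
        set -f
        exec $cmd        # absolute path built from the table above
    fi
    echo "ssh-dispatch: request refused" >&2
    exit 1
fi
```

A request with no command at all (an interactive login attempt) leaves `SSH_ORIGINAL_COMMAND` unset and is refused like any other unlisted request.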