rssh 2.3.0 review
Downloadrssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp
|
|
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. rssh project now also includes support for rdist, rsync, and cvs.
For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.
hough rssh is written to work with OpenSSH, it will probably work with other implementations of SSH. Also, rssh is written and tested on Linux systems, but should compile cleanly and work on any POSIX.2-compliant system. It is verified to work on the following platforms:
A wide variety of Linux distributions, on IA32 and IA64 hardware
Compaq Tru64 Unix
Solaris 2.x - 8 (under certain conditions -- see the security link)
AIX 5.1
HP/UX 11.00 (PA-RISC)
HP/UX 11.22 (IA64)
Irix 6.5
Currently, it does not work on (at least most of) the *BSDs, nor on OS X. They lack the wordexp() function, which rssh uses for command line argument expansion. Until they have such a function (which is defined by POSIX.2), or until I get bored enough to write a replacement, rssh will not work with the BSDs out of the box.
Update, 7 Jun 2003: Jacques A. Vidrine reports that FreeBSD 5.0 now has the wordexp() function, and rssh compiles cleanly on it, though he has not tested it. I still do not have any confirmation that it will work on FreeBSD 5, but it seems like a safe bet. I have received reports that other operating environments are also adding support for wordexp(), and rssh should work on all of those platforms, too.
If you're on a BSD system without the wordexp() function, you could work around this by obtaining a copy of the wordexp() function's code from, say, glibc2, and creating your own wordexp.h header. Compile wordexp.c manually, and link it against the other .o files. I have no intention of doing any work to facilitate that, though, so you're on your own.
If you have success using rssh with some other implementation of SSH, or using it on other platforms, feel free to send e-mail to the rssh mailing list to let me know. If you have problems compiling or installing rssh on your favorite platform, please send me the complete configure output, and any compilation errors generated.
What's New in This Release:
This release fixes a design flaw in rssh_chroot_helper that allowed local users with full shell access to gain root privileges.
rssh 2.3.0 keywords