[windows2000] Re: Sshwindows

  • From: "Sorin Srbu" <sorin.srbu@xxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Tue, 26 Jun 2007 13:27:21 +0200

Jon Spriggs <> wrote on Tuesday, June 26, 2007 1:02 PM:

Yeah, I already got some replies from the mentioned list, I tried them out.
Didn't work. For now I think I'll skip ssh on windows and just go with the
easier-to-setup shhd on a Fedora Core-webserver I have running at home. Seems
a lot easier... Can't believe MS hasn't done anything about this for IIS over
the years. 8-/

Will look into CopSSH later. Seems like the technique using this is similar to
"ssh for windows" with the addition of some scripts and stuff out-of-the-box.
Promising, but we'll see. 

Thx for the hint though. 8-)

PS. From what I've seen with sshd on linux, the "normal" users can traverse
directories there as well, except they can't view/edit sensitive files like
shadow and such. However I'm not sure if normal users seeing the contents of
passwd and groups is ok. Seems a bit, well, you know, bad... DS.


> Hi Sorin,
> 
> I see you've already asked on the list I was going to recommend!
> 
> I can strongly recommend using COPSSH[1] rather than SSHWindows... the
> SSHWindows project seemed to have stalled, whereas CopSSH is an active
> project (partially because I've contributed to it). I can't see a CHROOT
> Jail patch having been committed to this project, but I've found the author
> of the project was very amenable to making changes.    
> 
> Regards,
> 
> Jon
> 
> [1] http://www.itefix.no
> 
> 
> On 25/06/07, Sorin Srbu < sorin.srbu@xxxxxxxxxxxxx
> <mailto:sorin.srbu@xxxxxxxxxxxxx> > wrote: 
> 
>       Hi all,
> 
>       Anybody using this "mini-cygwin" ssh implementation for windows;
>       http://sourceforge.net/projects/sshwindows? Have a problem with it...
> 
>       I installed ssh for windows on a win2k3 sp2 DC and it seems to work as
>       expected.
> 
>       Using WinSCP to access the ssh server works excellent also.
> 
>       Only problem is that when I login with a test domain user-account
(which
>       has no real priv's on the domain except for the home-folder which is a
>       upload shared folder on the DFS for a number of people) this user can
>       access and see all the files in <c:\program files\openssh> including
the
> passwd-file. 
> 
>       I don't feel this is a good idea. Any hints on as how to solve this? I
>       tried to remove list ntfs-rights and so on to the whole
openssh-folder,
>       but this only resulted in my test-account couldn't login at all.
> 
>       I then reset the rights as they were before, but removed all
>       non-priviliegied account rights to the etc-folder. This seems to work
and
>       the user is not allowed to view the passwd and all files in the
etc-folder.
> 
>       Next I tried the same thing with the bin-folder in order to disallow
use of
>       makepasswd.exe and makegroup.exe, but this again disabled login of my
>       test-account.
> 
>       So, currently I'm stuck with a no-access etc-folder for regular users,
>       which I think is a really ugly way to do things.
> 
>       Is there some other cleaner way to disallow access to "normal" users
when
>       they click the "/" in WinSCP?
> 
>       TIA.
> 
> 
>       --
> 
>       BW,
> 
>       Sorin
> 
>       # Sorin Srbu, Systems Engineer  Web: http://www.orgfarm.uu.se
>       # Dept of Medicinal Chemistry,  Phone: +46 (0)18-4714482 >3 signals>
GSM
>       # Div of Org Pharm Chem,                Mobile: +46 (0)701-718023
>       # Box 574, Uppsala University,  Fax: +46 (0)18-4714482
>       # SE-751 23 Uppsala, Sweden     Visit: BMC, Husargatan 3, D5:512b
>       #
>       # ()  ASCII ribbon campaign - Against html E-mail
>       # /\
>       #
>       # Harmless tagline follows:
>       #
>       # Some things Man was never meant to know. For everything else,
there's
>       Google.
> 
> 
> 
>       *****************************
>       New Site from The Kenzig Group!
>       Windows Vista Links, list options
>       and info are available at:
>       http://www.VistaPop.com
>       *****************************
>       To Unsubscribe, set digest or vacation
>       mode or view archives use the below link.
> 
>       http://thethin.net/win2000list.cfm

*****************************
New Site from The Kenzig Group!
Windows Vista Links, list options 
and info are available at:
http://www.VistaPop.com
***************************** 
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts:

  1. Home
  2. windows2000
  3. Archive
  4. 06-2007