> If any user has scp/sftp access, then they can simply use this or remote > command execution to grab my system password file, something they >certainly can't get via wu-ftpd.
They grab your passwd file. Pardon the expression but so what? You are running shadow passwords right? Non world readable I must say :D >Did I mention that I don't trust these users, even though they're my >customers. I don't expect them to do anything nasty, but that doesn't mean >I trust them either. No user should *ever* be able to see the data of any >other user unless authorized (typically via group membership). SSH wasn't designed with this in mind however if they are customers whom you don't trust then I would strongly recommend examining your file system security. Running "ssh hostname command" doens't help if they don't have rights :D I agree that it would be useful to limit which users can run remote commands through ssh. Something to consider for future development. FYI... reading the sshd man page about remote commands. You were right. login is never used for these. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
