This is the mail archive of the
mailing list for the Cygwin project.
RE: Single-user Cygwin for improved security under standalone use with OpenSSH
- From: "WARDEN,JON (HP-FtCollins,ex1)" <jon dot warden at hp dot com>
- To: cygwin at cygwin dot com
- Date: Wed, 9 Jul 2003 18:05:35 -0400
- Subject: RE: Single-user Cygwin for improved security under standalone use with OpenSSH
This is interesting - it points to a missing part of my description of
the situation. I guess this would be called the "security model" of
this situation: what is trusted and what is not trusted.
In this situation, the commands (running as "administrator") executed by
SSH on behalf of the remote user are assumed "trusted", but the (Windows)
commands executed by the non-administrator on the local machine are not
trusted. We would like to guard against an attempt by a non-administrator
on the local machine to subvert the remote execution of a program via SSH
running as administrator.
I think you are right - if it is the incoming SSH connection that is not
trusted, it is much better to restrict the commands available than to
try to protect the machine itself (including Cygwin) from subversion.
|This is coming from a different angle, but have you
|thought of tightening security using the SSH server
|instead? I think you are considering opening up an
|interactive session using SSH in order to execute
|arbitrary commands on the remote system. However, you can
|configure ssh on a per-account basis to use forced
|commands rather than executing whatever program the user
|wants. You can write a script to parse the command sent
|by the user and then execute the appropriate program. You
|can also disable tty and interactive sessions. It seems
|like this might be a simpler approach than trying to
|restrict what an ssh user can do in an interactive session.
|The O'Reilly book "SSH, the Secure Shell: The Definitive
|Guide" (http://safari.oreilly.com/0596000111) is an excellent
|source for how to do this.
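
The forced-command setup described in the quoted message, as an added example that is not part of the original thread: a wrapper that parses the client's request and runs only allow-listed programs. The script path, the key placeholder and the verbs `disk`, `uptime` and `log` are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command wrapper: added example, not code from the thread.
# Bound to one key in ~/.ssh/authorized_keys (path and key are placeholders):
#   command="/usr/local/bin/ssh-dispatch.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <KEY> <COMMENT>
# sshd then runs this script for every session on that key and passes what
# the client asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL     # make the A-Z style ranges below byte-exact

# Print the fixed command line for an allow-listed request and return 0;
# return 1 for anything else. The verbs disk/uptime/log are hypothetical.
resolve_command() {
    set -f                  # no filename expansion while splitting
    set -- $1               # split the request into: verb [argument]
    set +f
    [ $# -ge 1 ] && [ $# -le 2 ] || return 1
    verb=$1
    arg=${2:-}
    # The argument may only be a simple name: no '/', '.', ';', '$', ...
    case $arg in *[!A-Za-z0-9_-]*) return 1 ;; esac
    case $verb in
        disk)   [ -z "$arg" ] || return 1; echo "df -k" ;;
        uptime) [ -z "$arg" ] || return 1; echo "uptime" ;;
        log)    [ -n "$arg" ] || return 1; echo "tail -n 50 /var/log/$arg.log" ;;
        *)      return 1 ;;
    esac
}

# Act only when started by sshd, which sets SSH_CONNECTION for each session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    # An interactive login sends no command, so it is rejected as well.
    if cmd=$(resolve_command "${SSH_ORIGINAL_COMMAND:-}"); then
        set -f
        exec $cmd           # splitting is safe: fixed text + validated name
    fi
    echo "rejected: request is not on the allow-list" >&2
    exit 1
fi
```

Because the client's string is only ever matched against the allow-list and never passed to a shell, a request such as `disk; id` or `log ../../etc/passwd` is refused rather than interpreted.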