This is the mail archive of the mailing list for the Cygwin project.


RE: Single-user Cygwin for improved security under standalone use with OpenSSH


This is interesting- it points to a missing part of my description of
the situation. I guess this would be called the "security model" of 
this situation: what is trusted and what is not trusted.

In this situation, the commands (running as "administrator") executed by
SSH on behalf of the remote user are assumed "trusted", but the (Windows)
commands executed by the non-administrator on the local machine are not 
trusted. We would like to guard against an attempt by a non-administrator 
on the local machine to subvert the remote execution of a program via SSH 
running as administrator.

I think you are right- if it is the incoming SSH connection that is not
trusted, it is much better to restrict the commands available than to 
try to protect the machine itself (including Cygwin) from subversion.

    |This is coming from a different angle, but have you 
    |thought of tightening security using the SSH server 
    |instead?  I think you are considering opening up an 
    |interactive session using SSH in order to execute 
    |arbitrary commands on the remote system.  However, you can 
    |configure ssh on a per-account basis to use forced 
    |commands rather than executing whatever program the user 
    |wants.  You can write a script to parse the command sent 
    |by the user and then execute the appropriate program.  You 
    |can also disable tty and interactive sessions.  It seems 
    |like this might be a simpler approach than trying to 
    |restrict what an ssh user can do in an interactive session.
    |The O'Reilly book "SSH, the Secure Shell: The Definitive 
    |Guide" (see
    | is an excellent 
    |source for how to do this.
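
The forced-command setup described in the quoted reply, as an added example that is not part of either poster's message: a wrapper script that sshd runs in place of the client's request, matching that request against a fixed allowlist. The script path `/usr/local/bin/ssh-dispatch`, the action names and the target commands are constructed for illustration.

```shell
#!/bin/sh
# Forced-command dispatcher (added example; paths and action names are constructed).
# Installed per key in ~/.ssh/authorized_keys, e.g. (key shortened):
#   command="/usr/local/bin/ssh-dispatch",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... admin@remote
LC_ALL=C; export LC_ALL   # keep the [a-z] ranges below ASCII-only

# resolve_request REQUEST
# Prints the fixed command line for an allowlisted request and returns 0;
# prints nothing and returns 1 otherwise. The client's text is only compared
# against patterns, never passed to eval or to a shell.
resolve_request() {
    case "$1" in
        status)
            echo "/usr/bin/uptime" ;;
        disk-usage)
            echo "/usr/bin/df -k" ;;
        "show-log "*)
            name=${1#show-log }
            case "$name" in
                ""|*[!a-z0-9_-]*) return 1 ;;   # empty, or contains / . space ; etc.
            esac
            echo "/usr/bin/tail -n 50 /var/log/$name.log" ;;
        *)
            return 1 ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command.
# A login with no command (an interactive session attempt) leaves it unset,
# so nothing below runs and the connection simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if cmd=$(resolve_request "$SSH_ORIGINAL_COMMAND"); then
        # $cmd is one of the fixed strings above, so word splitting is safe.
        set -f; set -- $cmd; set +f
        exec "$@"
    fi
    echo "request not permitted" >&2
    exit 1
fi
```
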
