Security Basics mailing list archives

RE: Restricting SSH in windows


From: "Jeff Gercken" <JeffG () kizan com>
Date: Mon, 14 Feb 2005 09:18:53 -0500

Why not just use a stripped-down version of a Linux live CD (Knoppix,
distro boot CD, etc.)?  FTP and telnet are pretty universal so they don't
have to be Linux gurus or anything.  I would additionally create a
normal user account for them (otherwise disable the HDs in BIOS) to use
and configure iptables to limit outbound connections.

I don't think you'll find a solution in Windows for what you're looking
for without setting DACLs everywhere.

-Jeff

-----Original Message-----
From: Brian T [mailto:briant4592 () hotmail com] 
Sent: Friday, February 11, 2005 11:37 AM
To: security-basics () securityfocus com
Subject: Restricting SSH in windows

I have a situation where a vendor is SSHing into a Windows box on our
internal network that is connected to the console of a system that he
needs to support.  In an effort to restrict the vendor's access to our
network we disconnect the network connection of the supported system
during maintenance procedures.  There is, however, still the issue of the
vendor having unrestricted shell access to the Windows box.  The ssh
server is using Cygwin and OpenSSH v3.5p1.  I would like to restrict the
commands the vendor is allowed to execute (in this case only ftp and
telnet).  All research I have conducted so far has not given me anything
useful for Windows.  Does anyone have any experience in a situation such
as this?

Thanks,
Brian T

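The iptables step suggested in the reply above, sketched as an added example that is not part of either message: it prints rules confining one local account on the live-CD host to outbound FTP and telnet toward a single address, including the conntrack helper that FTP data connections need. The account name `vendor`, the chain name `VENDOR_OUT` and the address 192.0.2.10 are assumptions chosen for illustration, as is a kernel that provides the `nf_conntrack_ftp` module.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that confine one local
# account to outbound FTP and telnet toward a single host.
# Assumed names: account "vendor", chain VENDOR_OUT, host 192.0.2.10.

vendor_rules() {
    user=$1 host=$2
    # Accept only a plain account name and a dotted-quad address, because
    # the output is meant to be reviewed and then piped into a root shell.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!0-9.]*|*..*|.*|*.) echo "bad host: $host" >&2; return 1 ;;
    esac

    cat <<EOF
# Attach the FTP helper to the control connection so that the data
# connection is classified as RELATED instead of being rejected.
modprobe nf_conntrack_ftp
iptables -t raw -A OUTPUT -p tcp -d $host --dport 21 -j CT --helper ftp
# The owner match only works in OUTPUT (locally generated traffic).
iptables -N VENDOR_OUT
iptables -A OUTPUT -m owner --uid-owner $user -j VENDOR_OUT
iptables -A VENDOR_OUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A VENDOR_OUT -p tcp -d $host --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A VENDOR_OUT -p tcp -d $host --dport 23 -m conntrack --ctstate NEW -j ACCEPT
# Everything else from this account is logged, then refused.
iptables -A VENDOR_OUT -j LOG --log-prefix "vendor-out-denied: "
iptables -A VENDOR_OUT -j REJECT
EOF
}

# Review the output, then apply as root: vendor_rules vendor 192.0.2.10 | sh
vendor_rules vendor 192.0.2.10
```

Because the destination is given as an address, the account needs no DNS access; traffic from other local accounts is untouched by these rules.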

