Security Basics mailing list archives
RE: Restricting SSH in windows
From: "Jeff Gercken" <JeffG () kizan com>
Date: Mon, 14 Feb 2005 09:18:53 -0500
Why not just use a stripped down version of a linux live cd (knoppix, distro boot cd, etc). FTP and telnet are pretty universal so they don't have to be linux gurus or anything. I would additionally create a normal user account for them (otherwise disable the hd's in bios) to use and configure iptables to limit outbound connections. I don't think you'll find a solution in windows for what you're looking for without setting DACLs everywhere. -Jeff -----Original Message----- From: Brian T [mailto:briant4592 () hotmail com] Sent: Friday, February 11, 2005 11:37 AM To: security-basics () securityfocus com Subject: Restricting SSH in windows I have a situation where a vendor is SSHing into a windows box on our internal network that is connected to the console of a system that he needs to support. In an effort to restrict the vendor's access to our network we disconnect the network connection of the supported system during maintenance procedures. There is, however still the issue of the vendor having unrestricted shell access to the windows box. The ssh server is using Cygwin and Openssh v3.5p1. I would like to restrict the commands the vendor is allowed to execute (in this case only ftp and telnet). All research I have conducted so far has not given me anything useful for windows. Does anyone have any experience is a situation such as this? Thanks, Brian T _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Current thread:
- Restricting SSH in windows Brian T (Feb 11)
- Re: Restricting SSH in windows Daniel Miessler (Feb 14)
- Re: Restricting SSH in windows John Pettitt (Feb 14)
- <Possible follow-ups>
- RE: Restricting SSH in windows Jeff Gercken (Feb 14)