Security Basics mailing list archives
Re: Restricting SSH in windows
From: Daniel Miessler <daniel () dmiessler com>
Date: Sun, 13 Feb 2005 12:43:11 -0500
On Feb 11, 2005, at 11:37 AM, Brian T wrote:
I have a situation where a vendor is SSHing into a Windows box on our internal network that is connected to the console of a system that he needs to support. In an effort to restrict the vendor's access to our network we disconnect the network connection of the supported system during maintenance procedures. There is, however, still the issue of the vendor having unrestricted shell access to the Windows box. The ssh server is using Cygwin and OpenSSH v3.5p1. I would like to restrict the commands the vendor is allowed to execute (in this case only ftp and telnet). All research I have conducted so far has not given me anything useful for Windows. Does anyone have any experience in a situation such as this?
At first glance, I don't see how you could do this. My first idea would be to give them a very limited user account (in Active Directory or locally) that will limit their ability to do damage to the host itself; with proper NTFS permissions in place, you can gain a *decent* amount of protection by doing this.
It's not ideal, but it's something to do if you're forced to give them a shell and you have no other solution.
Regards, -Daniel R. Miessler