Re: Question about RSSH

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, Feb 06, 2009 at 03:03:25PM -0600, Robert Dailey wrote:
> I've read the docs (man pages) for
> rssh<http://www.digipedia.pl/man/rssh.1.html>and
> rssh.conf <http://www.digipedia.pl/man/rssh.conf.5.html>, however I am at a
> stopping point. I really don't know enough about linux, rssh, or ssh to be
> able to diagnose these problems by myself. So while it is easy to tell
> someone to reference the docs, that's not always the appropriate solution to
> all questions. 

In this case, it most definitely is.  The man pages are not the only
docs... in fact both man pages refer to the document you need to read.
Please understand, if it seems like I'm stubbornly refusing to answer
your questions, it's because the answers are extremely long and
complicated, and I have already done so -- in painstaking detail -- in
the documentation provided with rssh.  Please see these FAQ entries,
which directly address the questions you're asking here:

  http://www.pizzashack.org/rssh/faq.shtml#6

  http://www.pizzashack.org/rssh/faq.shtml#9

Any information I could give you is already spelled out in the CHROOT
documentation file provided with rssh, which is discussed in these two
faq entries, and also discussed in both man pages.

I do apologize that the website is currently broken (it's not parsing
shtml properly).  However it seems you found the FAQ (you said you
read it), and those questions are answered there...  Once you've read
the appropriate docs, if you can ask clear, intelligent questions
about what you still don't understand, I'm sure I or someone would be
happy to answer them.

One last note: SECURITY IS HARD, AND MUST NOT BE TAKEN LIGHTLY.  The
purpose of rssh is to greatly improve one particular aspect of the
security of your system, as a part of a much greater whole security
solution involving lots of other moving parts.  However, if you don't
know much about Linux, SSH, and rssh, then you will almost certainly
fail to achieve that goal.  If you really want to make sure you're
acheiving your goal of securing your system, I think you should plan
to spend several hours carefully and thoroughly reading all of the
docs for SSH, and rssh, and then get yourself a good book on Linux
security, and read it cover to cover.  Twice. ;-)  (Though, I'm only
half-kidding about reading it twice...)

People often complain that I'm being unnecessarily harsh when I make
posts like this... believing they're an attempt to put people
down or something.  But that's not the case at all...  I'm simply
trying to warn you in very plain language that you are playing with
fire.  How big the fire is depends on how sensitive your data is...
If you implement a security solution too hastily, wihtout
understanding it, you will definitely get burned.

I'm NOT trying to suggest that if you don't understand this stuff from
the beginning, you're a moron (as some people seem to think).
Instead, I'm telling you flat out that if you don't take the time to
really learn how this stuff works, you probably won't get it right.
Scanning the man page for a couple of minutes isn't going to cut it...
You may even need to read and reread all the docs several times, and
then seek out additional information to explain the stuff you still
didn't understand.  That's just the way it is when you're dealing with
security.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D