Re: Question about RSSH
Brought to you by:
xystrus
From: Derek M. <co...@pi...> - 2009-02-06 22:05:39
|
On Fri, Feb 06, 2009 at 03:03:25PM -0600, Robert Dailey wrote: > I've read the docs (man pages) for > rssh<http://www.digipedia.pl/man/rssh.1.html>and > rssh.conf <http://www.digipedia.pl/man/rssh.conf.5.html>, however I am at a > stopping point. I really don't know enough about linux, rssh, or ssh to be > able to diagnose these problems by myself. So while it is easy to tell > someone to reference the docs, that's not always the appropriate solution to > all questions. In this case, it most definitely is. The man pages are not the only docs... in fact both man pages refer to the document you need to read. Please understand, if it seems like I'm stubbornly refusing to answer your questions, it's because the answers are extremely long and complicated, and I have already done so -- in painstaking detail -- in the documentation provided with rssh. Please see these FAQ entries, which directly address the questions you're asking here: http://www.pizzashack.org/rssh/faq.shtml#6 http://www.pizzashack.org/rssh/faq.shtml#9 Any information I could give you is already spelled out in the CHROOT documentation file provided with rssh, which is discussed in these two faq entries, and also discussed in both man pages. I do apologize that the website is currently broken (it's not parsing shtml properly). However it seems you found the FAQ (you said you read it), and those questions are answered there... Once you've read the appropriate docs, if you can ask clear, intelligent questions about what you still don't understand, I'm sure I or someone would be happy to answer them. One last note: SECURITY IS HARD, AND MUST NOT BE TAKEN LIGHTLY. The purpose of rssh is to greatly improve one particular aspect of the security of your system, as a part of a much greater whole security solution involving lots of other moving parts. However, if you don't know much about Linux, SSH, and rssh, then you will almost certainly fail to achieve that goal. If you really want to make sure you're acheiving your goal of securing your system, I think you should plan to spend several hours carefully and thoroughly reading all of the docs for SSH, and rssh, and then get yourself a good book on Linux security, and read it cover to cover. Twice. ;-) (Though, I'm only half-kidding about reading it twice...) People often complain that I'm being unnecessarily harsh when I make posts like this... believing they're an attempt to put people down or something. But that's not the case at all... I'm simply trying to warn you in very plain language that you are playing with fire. How big the fire is depends on how sensitive your data is... If you implement a security solution too hastily, wihtout understanding it, you will definitely get burned. I'm NOT trying to suggest that if you don't understand this stuff from the beginning, you're a moron (as some people seem to think). Instead, I'm telling you flat out that if you don't take the time to really learn how this stuff works, you probably won't get it right. Scanning the man page for a couple of minutes isn't going to cut it... You may even need to read and reread all the docs several times, and then seek out additional information to explain the stuff you still didn't understand. That's just the way it is when you're dealing with security. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D |