pizzashack.org - home of pizzacode

rssh homepage
rssh
rssh home
Japanese translation
security
platforms
FAQ
mailing list
download
future development
 
about pizzashack.org
home
history
 
projects
rssh
netutils
mutt patches
pipcalc
admedit
 
contact
contact Info
 

Introduction

rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. For a list of platforms on which rssh is known to work, see the Platform Support Page.

Before installing rssh, please read the FAQ! See link at left.

Important Security Notice:

There are some potentially serious security implications involved with running rssh. Please be sure to read about them in the security section.

A note about versions: The v2.3.3 release is the only release anyone should be running at this point, regardless of what version you were running before and why you were running that version. If you're not running v2.3.3, please download it now.

News and updates

Aug 1, 2010

rssh v2.3.3 released today!

Minor Security Notice:

It's been a very long time since the last rssh release, and I like it that way. This release solves two small bugs, with minor security implications:

John Barber reported a problem where, if the system administrator misconfigures rssh by providing two few access bits in the configuration file, the user will be given default permissions (scp) to the entire system, potentially circumventing any configured chroot. Fixing this required a behavior change: In the past, using rssh without a config file would give all users default access to use scp on an unchrooted system. In order to correct the reported bug, this feature has been eliminated, and you must now have a valid configuration file. If no config file exists, all users will be locked out.

Maarten van der Schrieck noticed a bug where, under conditions which are too far-fetched to describe, the rssh_chroot_helper could crash due to calling fgets with a null pointer. This can not occur with a normal, proper installation of rssh. The code path that causes this can only be reached if the system administrator deliberately installs rssh improperly, and the hoops through which one must jump to get it to occur are substantial, so the security impact here is basically nil. But it is a legitimate bug, so I fixed it nonetheless.

The 2.3.3 release of rssh fixes these problems.

See the Download Page for my key and the latest downloads.

April 11, 2003

New rssh mailing list!
I've set up a project for rssh on Sourceforge, and created the new rssh-discuss mailing list. This is where you can post your questions about building, configuring, and running rssh.

Please do not use the bug tracker or patch manager on the sourceforge website! I do not monitor these, so posting patches or bug reports there is a waste of your time. Please only use the mailing list for all forms of communication regarding rssh.
 
SourceForge Logo