Q: Where is the CHROOT file you keep
mentioning?
A: If you downloaded the source, it's in there. If you installed
from RPM, then have a look in /usr/share/doc/rssh-X.X.X/ for it. If
you installed from a package distributed by your Linux distribution
vendor, look for it wherever they put their documentation files. If
all else fails, try using your package manager to list the files
included in the rssh package...
Q: Why does rssh keep dumping core on me?
A: If you built rssh for Solaris, and are not using rssh with a
version of OpenSSH >= 3.5, then by default the configure script will
try to build statically linked binaries. This is next to impossible
on Solaris, due to brain damage in Sun's C libraries. Upgrade to
OpenSSH 3.5 to fix the problem securely. Or, if that's not an option,
you can run the configure script with --disable-static, but
this opens a security hole.
If you are already using OpenSSH 3.5 or later, and/or you are not
building on Solaris, then you probably installed rssh incorrectly.
You are also probably using it with chroot jails. Be sure to read the
man page and the INSTALL file, and also the CHROOT file if you are
using rssh with chroot jails. If you don't have your jail set up
properly, you will definitely see lots of broken behavior, including
core dumps.
Q: I set up rssh and it's great! But, can't you also
add the ability to run command x?
A: Well, no. Or, actually yeah I could, but I don't want to. There
are several reasons for this, and I think they're good ones. The
purpose of rssh is to allow system administrators to allow users
access to a server via either scp or sftp, or both. This design is
simple and clean, and very easy to keep secure.
Aside from the fact that if I added the ability to run all of the
x's in people's requests, what you'd end up with would
essentially be bash, once you start adding additional commands, or
the ability to run arbitrary commands, it becomes much harder,
which is to say nearly impossible to keep secure. Too many possible
variables. Also, rssh has the ability to chroot. This
requires that the binary (or at least a helper program) is
SUID root. This only compounds the problem; one little mistake would
mean a root compromise.
So sorry, but no. As far as I'm concerned, it defeats the purpose
of having the thing in the first place, and also utterly destroys the
simplicity of the code. Maybe what you need is some other form of
secure shell. Or, feel free to take the code for rssh and modify it
any way you like. But please stop asking for this feature, 'cuz it
ain't gonna happen.
Oh, another reason is because I'm lazy... Get over it!
=8^)
Q: I support Windows users who can't/won't learn how
to use SSH command-line tools. Can't you make rssh work with
WinSCP?
A: Absolutely not. It's not because I think Windows is a
crappy operating system that should never be used whenever
alternatives exist (though that's basically true)... This ties in
with the previous question. WinSCP is a bit of a hack (though a good
one -- no offense meant to the author) which provides a GUI front end
to command-line ssh tools. It requires that the user be able to run
commands through ssh to manipulate the file system. There's already a
way to do this... with sftp. In order to make rssh work with WinSCP,
I'd have to modify rssh to be able to run a number of other commands.
This is, IMO, the wrong approach.
Update: Recent versions of WinSCP allow you to use
the SFTP protocol. If you use WinSCP with the SFTP protocol, it
will work fine with rssh. See the WinSCP documentation for
details of configuring it to use the SFTP protocol. If your version
of WinSCP does not allow this, download a more recent version.
If you want a GUI front end that works with rssh, that I
can provide. Or at least tell you where to get it. Check out FileZilla,
which is freeware, or SecureFX,
which is commercial. Thanks to Paul C. Bryan for providing me with
this information. There are also a number of commercial FTP clients
that now also support sftp. WS-FTP Pro is one. There are others.
Google is your friend.
