Linux repositories inspector

rssh - Restricted shell for use with OpenSSH, allowing only scp and/or sftp

rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. It is a alternative to scponly.
2.3.4
Debian iconDebian 9.0
Fedora iconFedora 28
Fedora iconFedora 29
Fedora iconFedora 30
Fedora iconFedora 31
Fedora iconFedora rawhide
Ubuntu iconUbuntu 17.10
Ubuntu iconUbuntu 18.04 LTS
Ubuntu iconUbuntu 18.10
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 9.0 stretch/maindeb2.3.4-5+deb9u42019-06-1754.6 kiB148 kiB
Fedora iconFedora 28 releases/Everything-osrpm2.3.4-11.fc282019-01-1451.8 kiB105 kiBFedora Project
Fedora iconFedora 29 releases/Everything-osrpm2.3.4-12.fc292019-01-1449.3 kiB119 kiBFedora Project
Fedora iconFedora 29 releases-test/Everything-osrpm2.3.4-12.fc292019-01-1449.3 kiB119 kiBFedora Project
Fedora iconFedora 30 releases/Everything-osrpm2.3.4-13.fc302019-06-1746.9 kiB135 kiBFedora Project
Fedora iconFedora 31 releases/Everything-osrpm2.3.4-14.fc312020-01-0750.7 kiB118 kiBFedora Project
Fedora iconFedora rawhide development/Everything-osrpm2.3.4-17.fc322020-02-0851.1 kiB117 kiBFedora Project
Ubuntu iconUbuntu 17.10 artful/universedeb2.3.4-52017-11-1045.6 kiB140 kiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb2.3.4-72017-12-2445.6 kiB144 kiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/universedeb2.3.4-7ubuntu0.12019-06-1746.6 kiB145 kiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/universedeb2.3.4-7ubuntu0.12019-06-1746.6 kiB145 kiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb2.3.4-82019-01-1445.5 kiB144 kiB
Ubuntu iconUbuntu 18.10 cosmic-security/universedeb2.3.4-8ubuntu0.22019-06-1746.7 kiB153 kiB
Ubuntu iconUbuntu 18.10 cosmic-updates/universedeb2.3.4-8ubuntu0.22019-06-1746.7 kiB153 kiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb2.3.4-42017-11-1045.9 kiB181 kiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/universedeb2.3.4-4+deb8u2ubuntu0.16.04.22019-06-1747 kiB146 kiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/universedeb2.3.4-4+deb8u2ubuntu0.16.04.22019-06-1747 kiB146 kiB

Manual pages

rssh(1)

rssh - restricted secure shell allowing only scp and/or sftp

rssh.conf(5)

/etc/rssh.conf - configuration file for rssh

Latest updates

Fedora icon

Fedora rawhide development/Everything-os: Updated from 2.3.4-16.fc32 to 2.3.4-17.fc32

2020-02-08
Fedora icon

Fedora rawhide development/Everything-os: Updated from 2.3.4-15.fc32 to 2.3.4-16.fc32

2020-01-25
  • Fix regression in patch for CVE-2019-1000018.
Fedora icon

Fedora 31 releases/Everything-os: Version 2.3.4-14.fc31 introduced

2020-01-07
Fedora icon

Fedora rawhide development/Everything-os: Updated from 2.3.4-14.fc31 to 2.3.4-15.fc32

2019-10-31
  • Clean up specfile.
  • Add patches for CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018.
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 2.3.4-7ubuntu0.1 reintroduced

2019-09-05
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 2.3.4-7ubuntu0.1 removed

2019-09-05
Fedora icon

Fedora rawhide development/Everything-os: Updated from 2.3.4-13.fc30 to 2.3.4-14.fc31

2019-08-03
Ubuntu icon

Ubuntu 16.04 LTS xenial-security/universe: Version 2.3.4-4+deb8u2ubuntu0.16.04.2 reintroduced

2019-08-02
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 2.3.4-7ubuntu0.1 reintroduced

2019-08-02
Ubuntu icon

Ubuntu 18.04 LTS bionic-security/universe: Version 2.3.4-7ubuntu0.1 reintroduced

2019-08-02
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/universe: Version 2.3.4-4+deb8u2ubuntu0.16.04.2 reintroduced

2019-08-02
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 2.3.4-7ubuntu0.1 removed

2019-08-02
Ubuntu icon

Ubuntu 16.04 LTS xenial-security/universe: Version 2.3.4-4+deb8u2ubuntu0.16.04.2 removed

2019-08-02
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/universe: Version 2.3.4-4+deb8u2ubuntu0.16.04.2 removed

2019-08-02
Ubuntu icon

Ubuntu 18.04 LTS bionic-security/universe: Version 2.3.4-7ubuntu0.1 removed

2019-08-01
Fedora icon

Fedora 30 releases/Everything-os: Version 2.3.4-13.fc30 introduced

2019-06-17
Debian icon

Debian 9.0 stretch-proposed-updates/main: Version 2.3.4-5+deb9u4 removed

2019-06-17
Debian icon

Debian 9.0 stretch/main: Updated from 2.3.4-5+deb9u3 to 2.3.4-5+deb9u4

2019-06-17
  • The fix for the scp security vulnerability in 2.3.4-9 combined with the regression fix in 2.3.4-10 rejected the -pf and -pt options, which are sent by libssh2's scp support. Add support for those variants. (LP #1815935)
Ubuntu icon

Ubuntu 18.10 cosmic-updates/universe: Version 2.3.4-8ubuntu0.2 introduced

2019-06-17
  • SECURITY UPDATE: Command injection
    • debian/patches/0009-Verify-scp-command-options.patch: Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (LP #1815935)
    • debian/patches/0007-Verify-rsync-command-options.patch: Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp.

    Also reject rsync --daemon and --config command-line options, which
    can be used to run arbitrary commands. Thanks, Nick Cleaton.

    Do not stop checking the rsync command line at --, since this can
    be an argument to some other option and later arguments may still
    be interpreted as options. In the few cases where one needs to
    rsync to files named things like --rsh, the client can use ./--rsh
    instead. Thanks, Nick Cleaton.

    • debian/patches/0010-Check-command-line-after-chroot.patch: Unset the HOME environment variable when running rsync to prevent popt (against which rsync is linked) from loading a ~/.popt configuration file, which can run arbitrary commands on the server or redefine command-line options to bypass argument checking. Thanks, Nick Cleaton.
    • CVE-2019-1000018
    • CVE-2019-3463
    • CVE-2019-3464

Ubuntu icon

Ubuntu 18.10 cosmic-security/universe: Version 2.3.4-8ubuntu0.2 introduced

2019-06-17
  • SECURITY UPDATE: Command injection
    • debian/patches/0009-Verify-scp-command-options.patch: Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (LP #1815935)
    • debian/patches/0007-Verify-rsync-command-options.patch: Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp.

    Also reject rsync --daemon and --config command-line options, which
    can be used to run arbitrary commands. Thanks, Nick Cleaton.

    Do not stop checking the rsync command line at --, since this can
    be an argument to some other option and later arguments may still
    be interpreted as options. In the few cases where one needs to
    rsync to files named things like --rsh, the client can use ./--rsh
    instead. Thanks, Nick Cleaton.

    • debian/patches/0010-Check-command-line-after-chroot.patch: Unset the HOME environment variable when running rsync to prevent popt (against which rsync is linked) from loading a ~/.popt configuration file, which can run arbitrary commands on the server or redefine command-line options to bypass argument checking. Thanks, Nick Cleaton.
    • CVE-2019-1000018
    • CVE-2019-3463
    • CVE-2019-3464

Related packages

rssh-debuginfo - Debug information for package rssh
rssh-debugsource - Debug sources for package rssh
⇧ Top