
SFTP Login via SSH Key

Discussion in 'Security' started by mtylerb, Mar 9, 2013.

  1. mtylerb

    mtylerb Well-Known Member

    cPanel Access Level:
    Root Administrator
    SFTP Login Allows '/' Read Access

    I need some help, I'm thoroughly confused.

    I just logged in with one of my client's logins using an SSH key. Upon logging in, I'm able to browse to / with WinSCP. When I view the permissions of /home with the root login, it says Owner and Group are root but permissions are 0711. When I view the permissions of /home with the client's login, it says Owner and Group are root, but permissions are 0755.

    How is this possible? I tried with another account and got the same results. I can't have clients being able to access / (and thusly being able to browse other folders).

    --Additionally--

    I just tried logging in with a regular password and have the same issue. So it's not just with SSH keys. Not sure how this is possible. Any help is greatly appreciated!

    --EDIT--

    Problem is non-existent with standard FTP login. Only SFTP is affected.

    --EDIT--

    Filed a support ticket. Your Request id is: 3852363.
     
    #1 mtylerb, Mar 9, 2013
    Last edited: Mar 10, 2013
  2. quizknows

    quizknows Well-Known Member

    cPanel Access Level:
    DataCenter Provider
    Being able to read / over SFTP/SSH is normal. Even as a normal user you're going to be able to read anything that is world-readable. I haven't tried CageFS in CloudLinux yet, but that may be your only option to actually stop that. Jailshell might help too, but I think I tested that in the past with less than satisfactory results.
     
  3. mtylerb

    mtylerb Well-Known Member

    cPanel Access Level:
    Root Administrator
    I had all users set up with "none" for SSH access, save for my reseller account. After discussing with cPanel support via a ticket, I'm not nearly as worried about the access issue as I was before. It would be nice if SFTP users were bound to their own directory just like FTP, but they can't do any harm ... yet, so I'll let it be.
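
Added example, not part of any post in this thread: a Python sketch of the mode-bit rule behind the "world readable" answer and the 0711 versus 0755 difference on /home. It goes beyond the single /home case by walking a whole path; the sample layout, the account names and the `other_access` helper are constructed for illustration, and ACLs, SELinux and any jail or chroot are ignored.

```python
import os
import stat
import tempfile

def other_access(path, start=os.sep):
    """What the 'other' permission class can do with path, from mode bits alone.

    Returns 'blocked', 'none', 'traverse', 'list' or 'read'. Ignores ACLs,
    SELinux and any jail or chroot; walks directories from `start` down."""
    path, current = os.path.abspath(path), os.path.abspath(start)
    rel = os.path.relpath(path, current)
    for name in ([] if rel == "." else rel.split(os.sep)):
        # Each directory on the way needs o+x (search) or the lookup stops.
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return "blocked"
        current = os.path.join(current, name)
    mode = os.stat(current).st_mode
    if not stat.S_ISDIR(mode):
        return "read" if mode & stat.S_IROTH else "none"
    if not mode & stat.S_IXOTH:
        return "none"
    # o+x without o+r (0711): known names can be reached, but not listed.
    return "list" if mode & stat.S_IROTH else "traverse"

# Constructed sample layout (relative path, mode); not taken from a real server.
SAMPLE = [("home", 0o711), ("home/alice", 0o711),
          ("home/alice/public_html", 0o755),
          ("home/alice/public_html/config.php", 0o644),
          ("home/alice/secret.txt", 0o600),
          ("home/bob", 0o700), ("home/bob/notes.txt", 0o644)]

def demo(home_mode=0o711):
    """Build SAMPLE in a temp dir and report 'other' access for each entry."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for rel, _ in SAMPLE:
            full = os.path.join(root, rel)
            if "." in os.path.basename(rel):
                open(full, "w").close()
            else:
                os.mkdir(full)
        # chmod after creation so the process umask cannot alter the modes.
        for rel, mode in SAMPLE:
            os.chmod(os.path.join(root, rel), home_mode if rel == "home" else mode)
        return {rel: other_access(os.path.join(root, rel), root) for rel, _ in SAMPLE}

if __name__ == "__main__":
    for rel, access in demo().items():
        print(f"{access:9} {rel}")
```

A 0644 file under directories that all grant o+x is readable by any other account that knows its path, even when /home itself is 0711 and cannot be listed; the 0700 directory is what actually stops the walk.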
     