I am wondering what modifications to the chroot patch in the contrib directory for openssh would be necessary for it to be accepted into the standard release. Is anybody currently working on chroot for openssh? I would be willing to work on improving and testing the patch if I knew it would become a standard part of openssh. My main interest in a chrooted openssh is to provide chrooted sftp so I can get rid of non-anonymous ftp entirely. It would also be convenient if the sftp functionality was inside the openssh server so that chrooted accounts wouldn't require sftp-server to be located in their directory. In some ways it would seem that ftp over SSL would be more suitable, but there are a lot more ssh clients that support sftp than ftp clients that support ssl. -Edwin Grubbs
chroot is hard. sftp-server will do chrooting at some point. probably not to $HOME by default, but to $HOME/subdir, because otherwise manipulation of .ssh and .forward is possible. sshd will not do chrooting, because setting up a chroot-env in $HOME is a nightmare.
Reasonably Related Threads
- openssh-5.0p1: sftp transfer logging doesn't appear to work with chroot environment
- openssh-5.0p1: sftp transfer logging doesn't appear to work with chroot environment [SOLVED]
- Chrooted sftp, did you getting it working?
- using OpenSSH/SFTP to replace an FTP server securely
- sftp chroot