Hello out there!

I've searched this list up and down in order to find a clue about restricting sftp or scp to a defined path or to a chroot jail. It seems there has been development on some patches but I can't find further information.

Is there any support or planned support for restricting sftp or scp to a certain path? If there is already support for this, does anybody have a howto about this issue?

Why I am asking this question: I want to provide ONLY uploading and downloading on a public server for very few users. These users will be authenticated by their keys. As mankind is very nosy I want to suppress any "just looking around in your server attempts". They just have to see their upload and download area - nothing more. FTP is no good idea because we need encryption and authenticity of the transferred data.

Best regards
Manfred Heubach

-----------------------------------
manfred heubach edv und neue medien
-----------------------------------
manfred heubach
heubach at heubach-edv.de
www.heubach-edv.de
büro/office +49.711.9315824
support +49.711.31006800
fax +49.711.9315825
-----------------------------------

make sftp-server setuid root and let it do the chroot itself,
depending on a config file, like /etc/sftp-chrootusers

but you have to be careful. chroot $HOME is
probably not really safe if .ssh is writeable to
the user. and so on.

-m

> -----Original Message-----
> From: Markus Friedl [SMTP:markus at openbsd.org]
> Sent: Thursday, 15 November 2001 20:09
> To: Manfred Heubach
> Cc: 'openssh-unix-dev at mindrot.org'
> Subject: Re: again chroot
>
>
> make sftp-server setuid root and let it do the chroot itself,
> depending on a config file, like /etc/sftp-chrootusers
>
> but you have to be careful. chroot $HOME is
> probably not really safe if .ssh is writeable to
> the user. and so on.
>
> -m

Dear Markus,

how do I tell sftp-server about a file like /etc/sftp-chrootusers? I can't find any corresponding option. Is this already implemented or do I have to do the programming by myself?

Regards
Manfred

> I can provide you with a patch that has been floating around (and I've
> used to some extent) for chroot sftp-server, but I do chroot() oddly over
> here to handle the ~/.ssh/ case. (No user owns their ~/ and their .ssh
> is root owned and chmod 000). So it is not exactly what Markus suggests.

I'm in the process of making these same modifications and would be very interested in seeing this patch as well.

-Paul
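
The ownership condition raised in this thread (a chroot into $HOME is questionable when the user can write to .ssh, and one setup keeps ~/ and ~/.ssh out of the user's ownership) can be checked before a jail is put into service. The following is an added example, not part of any message above and not OpenSSH code; the names `path_findings` and `audit_jail` are hypothetical, and treating group- or world-writable as a finding is an assumption of this sketch.

```python
import os
import stat

def path_findings(label, st_uid, st_mode, user_uid):
    """Judge one path from its owner uid and mode bits (no filesystem access)."""
    findings = []
    if st_uid == user_uid:
        # The owner can always chmod the path back to writable.
        findings.append(f"{label}: owned by the jailed user")
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Assumption: any group/other write bit is treated as user-writable.
        findings.append(f"{label}: group- or world-writable")
    return findings

def audit_jail(home, user_uid):
    """Check the jail root and its .ssh directory for user write access."""
    findings = []
    for label, path in (("jail root", home),
                        (".ssh", os.path.join(home, ".ssh"))):
        try:
            st = os.lstat(path)  # lstat: do not follow a symlink planted here
        except FileNotFoundError:
            if label == "jail root":
                findings.append(f"{label}: missing")
            # A missing .ssh matters only if the jail root is writable,
            # which the jail-root check already reports.
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{label}: is a symlink")
            continue
        findings.extend(path_findings(label, st.st_uid, st.st_mode, user_uid))
    return findings

if __name__ == "__main__":
    import sys
    # Usage: script.py <jail directory> <numeric uid of the jailed user>
    problems = audit_jail(sys.argv[1], int(sys.argv[2]))
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

The jail root is checked as well as .ssh because write access to a directory allows its entries to be renamed or replaced, even when an entry itself is root owned.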