search for: channeldeny

I'm searching for a simple solution to allow access to only one directory of an existing user (that may not login) via sftp-server and authorized_keys file using the extended syntax command="/usr/lib/openssh/sftp-server --root /data/exchange",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAA...keydata Is something like that already possible, is there a

...to resolve an issue where sftp-server can't send the client the real user/group after chroot(). Eventually, I could see this code becoming a base for more user-friendly options based on functionality rather than protocol messages. e.g. the option 'X11Forwarding no' could add to the ChannelDeny list rather than cluttering the code with the existing extra variables; 'AllowExec no' could do the same as denying 'exec' and 'shell'. I'll have to grab the latest version of OpenSSH (this was done on the version distributed with Ubuntu stable - 4.3p2) and sync the...