similar to: [Bug 1461] New: session.c: don't chdir() after chroot() if chroot_path==pw->pw_dir

2004 Dec 01
1
$HOME instead of pw->pw_dir question.
Hello. I have one small question. Are there any security reasons not to use getenv("HOME") instead of pw->pw_dir in ssh.c and tildexpand.c to find the user's home directory? -- Grzegorz Kryza mailto: kryza at nomachine.com http://grzegorz.kryza.net
2008 May 25
1
OpenSSH + chroot + SELinux = broke
Hello, First, a big thank you to the OpenSSH devs. Problem Summary: Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. History and repro: On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory
2008 Nov 11
3
Directory permissions in chroot SFTP
Hi, I configured openssh 5.1p1 for sftp server. Here the specifications in sshd_config file: Subsystem sftp internal-sftp Match Group sftp ForceCommand internal-sftp ChrootDirectory /home/%u AllowTcpForwarding no When a user is logged in, he can't upload his document and he receives this message: carlo at Music:~$ sftp user at 213.217.147.123 Connecting to
2013 Mar 12
1
passing username and password to external script
Hello, Is it possible to pass user's credentials provided on login time to external script? My goal is to run external script which will mount webdav share by using user's username and password and afterwards share it through samba.
2013 Aug 19
0
Re: missing chdir before chroot in guestfsd
On Sun, Aug 18, 2013 at 02:29:15PM +0200, Olaf Hering wrote: > > daemon.c does just a chroot, without chdir. The result is that pwd does not > work correctly (it causes fs/dcache.c:prepend_unreachable() to add the > unreachable string). A workaround is to add "cd /" before each sh command. > > ><fs> mount /dev/sda2 / > ><fs> sh "cd / ; chroot
2008 Nov 19
1
chdir / chroot after pre-xfer ?
Hello, I am trying to configure rsyncd to mount destination encrypted FS (using EncFS) before syncing. In my rsyncd.conf : [test] path = /home/dest <...> pre-xfer exec = sleep 30 ; echo mypassword | encfs -S /home/ encrypteddir /home/dest ; sleep 30 (I have put "sleep 30" instructions just to make some tests) /home/encrypteddir is correctly mounted by rsyncd to /home/dest
2013 Aug 18
3
missing chdir before chroot in guestfsd
daemon.c does just a chroot, without chdir. The result is that pwd does not work correctly (it causes fs/dcache.c:prepend_unreachable() to add the unreachable string). A workaround is to add "cd /" before each sh command. ><fs> mount /dev/sda2 / ><fs> sh "cd / ; chroot / ; /bin/pwd" / ><fs> sh "/bin/pwd" (unreachable)/ ><fs> sh
2006 Oct 09
1
About sftp-server root path
Hi, I saw in archive that some people made a patch to sftp-server, and that patch sets a root path. I'd like to know if there's an idea to apply that patch in main tree of openssh? With the use of SSHFS [which uses sftp-server], it would be interesting to have something like that, because as we have netboot workstations, the access to devices [such as, floppy, cdrom and usb data] are
2008 Oct 27
2
[Bug 177] provide chroot option for sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=177 Joshua Pettett <devel at homelinkcs.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |sftp-server AssignedTo|openssh-bugs at mindrot.org |unassigned-bugs at mindrot.org --- Comment
2013 Feb 02
2
Relaxing strict chroot checks on recent Linux kernels?
At the risk of beating a dead horse, I'd like to see the chroot security checks relaxed a bit. On newer Linux kernels, there's a prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) that prevents privilege elevation (via setuid binaries, etc) for the caller and all of its descendants. That means that chroot(untrusted directory), prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), setreuid(uid, uid), execve(a
2010 Jul 10
1
internal-sftp and logging not working with Fedora and chroot using 5.5?
Hope ya'all can help! Been reading and reading, and adjusting... to no avail. We need to have chroot'd SFTP activities logged on a file server and for whatever reason, I simply cannot get it to log with users that are chroot'd (this is necessary for auditing and HIPAA - so it is pretty important) I have tried with Fedora 11/12 and even an older Fedora 8 server, the same results: 1.
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriately), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in
2020 Apr 11
2
internal-sftp + chroot [was: Parallel transfers]
Nico Kadel-Garcia wrote: > in places where I do not want OpenSSH server's tendency to let > people with access look around the rest of the filesystem. If you want users to be able to use *only* SFTP then set a ChrootDirectory and ForceCommand internal-sftp in a Match for the user in sshd_config. //Peter
2003 Aug 16
0
sftp-server (secure) chroot patch, comment fix
Accidentally removed XXX comment. New patch below. Regards Magnus --- openssh-3.6.1p2/sftp-server.c.org 2003-08-11 22:07:47.098650000 +0200 +++ openssh-3.6.1p2/sftp-server.c 2003-08-16 19:07:14.273582000 +0200 @@ -24,15 +24,24 @@ #include "includes.h" RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $"); +#define CHROOT #include "buffer.h"
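Review bot: the bare macro name CHROOT, defined in the first hunk just above the buffer.h include, is generic enough to collide with identifiers in the headers pulled in after it. Consider a prefixed name and place the define where only sftp-server.c's own code sees it, with a one-line comment stating what the macro enables.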
2003 Sep 30
1
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
Hello all, Here is an updated patch. I published the original patch on August 16. --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 +0200 +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200 @@ -24,6 +24,7 @@ #include \"includes.h\" RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $\"); +#define CHROOT
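Review bot: the "+#define CHROOT" line after RCSID(...) switches the chroot code on unconditionally for every build that carries this patch. Since the chroot path changes how a privileged helper behaves, it should be opt-in: drop the in-source define and have the build pass the macro (for example through CFLAGS or a configure switch), so an unmodified build keeps the stock sftp-server behaviour.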
2012 Nov 23
1
samba4 as PDC: tsig verify failure
I've configured samba4 as PDC according to the official HOWTO. Nearly everything went well, except that executing command samba_dnsupdate results with: ; TSIG error with server: tsig verify failure Failed nsupdate: 2 Failed update of 21 entries The whole output is available at: http://pastebin.com/xrG2KZwZ It's weird, because domain seems working properly: I can login as domain admin,
2003 Aug 16
0
sftp-server (secure) chroot patch?
Hello, I know this chroot issue has been brought up many times before on this list. I saw that the contributed chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isn't in the src) but I believe a lot of users
2010 Feb 10
1
Syslog for chroot-jailed SFTP users?
Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config: # override default of no subsystems Subsystem sftp internal-sftp -f LOCAL2 -l INFO Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp This actually works great, but none of
2008 Apr 29
2
request for feature
Dear developers, I need the feature of separately jailed, user writeable and user owned home dirs very badly because I have an SFTP server with 500 users who are partly nested could you please add a feature to set non root chroots with the %h option ? Otherwise I have to rewrite the chroot patch for 4.7p1 :-( thank you very much in advance Dirk
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We