Displaying 20 results from an estimated 10000 matches similar to: "[Bug 177] provide chroot option for sftp-server"
2007 May 08
1
[Bug 177] provide chroot option for sftp-server
http://bugzilla.mindrot.org/show_bug.cgi?id=177
devel at homelinkcs.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |devel at homelinkcs.com
------- Comment #12 from devel at homelinkcs.com 2007-05-09 09:06 -------
(In reply to comment #11)
So
2008 Mar 31
3
[Bug 177] provide chroot option for sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=177
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #16 from Damien Miller <djm at mindrot.org>
2009 Jan 09
1
setting umask for internal-sftp users
I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain
SFTP-only users. I use the following lines in my sshd_config file:
Match Group sftponly
ChrootDirectory /home/chroot-%u
ForceCommand internal-sftp
It works great.
The problem is that some of my users need umask 002 for their uploads. I tried a few ways to
achieve this:
* set umask in sshrc,
2010 Feb 10
1
Syslog for chroot-jailed SFTP users?
Maybe one of you can help. We have set up a CentOS server so that
each user who logs in via sftp will be jailed in their home directory.
Here's the relevant sshd_config:
# override default of no subsystems
Subsystem sftp internal-sftp -f LOCAL2 -l INFO
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
This actually works great, but none of
2010 Jul 10
1
internal-sftp and logging not working with Fedora and chroot using 5.5?
Hope ya'all can help!
Been reading and reading, and adjusting... to no avail.
We need to have chroot'd SFTP activities logged on a file server and for
whatever reason, I simply cannot get it to log with users that are chroot'd
(this is necessary for auditing and HIPAA - so it is pretty important)
I have tried with Fedora 11/12 and even an older Fedora 8 server, the same
results:
1.
2020 Apr 11
2
internal-sftp + chroot [was: Parallel transfers]
Nico Kadel-Garcia wrote:
> in places where I do not want OpenSSH server's tendency ro let
> people with access look around the rest of the filesystem.
If you want users to be able to use *only* SFTP then set a ChrootDirectory
and ForceCommand internal-sftp in a Match for the user in sshd_config.
//Peter
2008 Nov 11
3
Directory permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2008 May 01
2
openssh-5.0p1: sftp transfer logging doesn't appear to work with chroot environment
Hi all,
I am running Debian Etch. I've compiled openssh-5.0p1 with pam
support. I'd like to use a chrooted sftp environment for my users and
also log their sftp file transfers. Currently file transfer logging
stops working when I implement a jail. Logging from within the chroot
seems like a useful feature. I hope it makes it in sooner rather than
later.
Here's the contents of my
2012 Nov 12
5
[Bug 2048] New: Make chrooted sftp more user friendly using bind mount (solution suggested)
https://bugzilla.mindrot.org/show_bug.cgi?id=2048
Priority: P5
Bug ID: 2048
Assignee: unassigned-bugs at mindrot.org
Summary: Make chrooted sftp more user friendly using bind mount
(solution suggested)
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: harviecz at gmail.com
2013 Feb 02
2
Relaxing strict chroot checks on recent Linux kernels?
At the risk of beating a dead horse, I'd like to see the chroot
security checks relaxed a bit. On newer Linux kernels, there's a
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) that prevents privilege
elevation (via setuid binaries, etc) for the caller and all of its
descendants. That means that chroot(untrusted directory),
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), setreuid(uid, uid), execve(a
2023 Nov 12
2
restrict file transfer in rsync, scp, sftp?
On Sat, 11 Nov 2023, Bob Proulx wrote:
> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
>
2007 Sep 05
3
Chrooting SFTP over SSH2
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over
SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page
dated 2005, but what's the 'best' or 'correct' way to set this up for Centos
4.5 and 5?
Thanks
2008 Nov 11
2
Fwd: Permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2014 May 19
3
using OpenSSH/SFTP to replace an FTP server securely
Hello Folks,
I'm trying to replace an FTP with several hundred users with something secure.
My requirements:
- transfers must be logged
- users should not have any access to other users' directories
- users should land in a writable directory
- users should be chrooted
I've been trying to get this working with OpenSSH and the internal SFTP server,
but it does not
2015 Aug 02
2
Chrooted SFTP-only users along with normal SFTP
Hi!
I want to set a OpenSSH server which restricts some users to only
chrooted SFTP, while others have full/normal ssh, scp and sftp access.
Most or all guides on the web say that I should enable the config line
"Subsytem sftp internal-sftp" among other things, but I've found out
that this only causes non-restricted users to not be able use SFTP at
all, only the chrooted users.
2006 Jul 06
1
[Bug 177] provide chroot option for sftp-server
http://bugzilla.mindrot.org/show_bug.cgi?id=177
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #683 is|0 |1
obsolete| |
Attachment #1018 is|0 |1
obsolete|
2009 Oct 23
3
internal-sftp only without ssh and scp hanging
I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh
chroot functionality).
i.e.
Subsystem sftp internal-sftp
Match group sftpusers
ChrootDirectory /chroot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
So far everything works correctly with sftp but when a user ssh's or
scp's to the box the login
2008 May 25
1
OpenSSH + chroot + SELinux = broke
Hello,
First, a big thank you to the OpenSSH devs.
_ /Problem Summary:/
_ Chroot and SELinux don't get along. This affects both the new
(official) ChrootDirectory feature, as well as the older (3rd party)
patch at http://chrootssh.sourceforge.net/.
_ /History and repro:/
_ On March 21, 2008, Alexandre Rossi posted to this list with the
subject: "*ChrootDirectory
2014 Mar 17
1
internal-sftp stuck on 'ls' with chrootdirectory
Hi all,
I am using Match directive and internal-sftp to chroot sftp users into their
directory. Connection and login works. I can change directories and put/get
files. Also logging of the internal sftp-process works (created a /dev/log
socket inside the chroot). As soon as I use the 'ls' command, nothing
happens and the the process gets stuck. Listing files does work as soon as I
remove
2012 Sep 30
2
User can't use SFTP after chroot
Hi,
I've posted this question on ServerFault, but no answer has been found
(http://serverfault.com/questions/431329/user-cant-sftp-after-chroot).
I have version 1:5.3p1-3ubuntu7
To sum up: I want to chroot the user sam. Things I have done:
- add user 'sam' to group 'users'
- added Subsystem sftp internal-sftp to /etc/ssh/sshd_config (at the bottom)
- added a Match :
--
Match