similar to: [Bug 1235] [PATCH] scp does unnecessary getpwuid(), breaking chroot

https://bugzilla.mindrot.org/show_bug.cgi?id=1235 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #7 from Damien Miller <djm at

http://bugzilla.mindrot.org/show_bug.cgi?id=1235 Summary: [PATCH] scp does unnecessary getpwuid(), breaking chroot Product: Portable OpenSSH Version: -current Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1235 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #3 from Damien Miller <djm at mindrot.org> 2008-06-15 05:56:31 --- I

https://bugzilla.mindrot.org/show_bug.cgi?id=1235 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #8 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release

https://bugzilla.mindrot.org/show_bug.cgi?id=1755 Summary: Broken pipe with scponly with debuglevel Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.

Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be

Hello, I'm new to the list, but hopefully I've done enough digging around that I don't get yelled at too terribly ;) We're looking to implement a chrooted environment for allowing users to scp files from servers. That's basically the only functionality that we need in this case. We're looking to chroot the user and/or remove any chance that the account can login via

Hi, As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5? Thanks

Hi folks, I have been stumped on a compilation problem when I tried to build 176.gcc of SPEC CPU2000 with clang v 2.8 (trunk 427) on Linux and intel. First, I tried to compile with 'clang -std=c89 *.c -o gcc.clang' since the default C standard of Clang is c99 while that of gcc is c89. It reported this error: ./c-gperf.h:14:1: error: unknown type name 'inline' inline ^

Hi all: I'm looking to chroot sftp; but not chroot ssh sessions. I came across some info that said this is possible. But after searching this list's archives and Google, I was rather confused about the different patches for chrooting, and couldn't find anything that appeared to only chroot sftp. Is such a patch available? Can someone point me in the right direction? Erik

Hi Does anyone know if chroot is part of the latest openssh . If not how do I enable the chroot feature with the openssh. Any help is appreciated. I am currently running 3.7.1p2. This version allows the user to traverse to other dirs and they can ftp the files . I want to lock down the users to their home dir . thanks

https://bugzilla.samba.org/show_bug.cgi?id=1890 devzero at web.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |devzero at web.de ------- Comment #3 from devzero at web.de 2009-08-07 05:11 CST ------- wouldn`t it be better to give up on that effort

From: maximilian attems <max at stro.at> On review of klibc dash changes: "Hmm, this breaks the non-glibc case. You're now returning a pointer to a string on the stack which is illegal." Herbert Xu Use upstream dash way. Signed-off-by: maximilian attems <max at stro.at> Cc: Herbert Xu <herbert at gondor.apana.org.au> --- usr/dash/cd.c | 7 ++++--- 1 files

Hello, I know this chroot issue has been brought up many times before on this list. I saw that the contribibuted chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course was that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isnt in the src) but I believe a lot of users

On 01/18/2011 06:38 PM, Bin Zeng wrote: > Hi folks, > > I have been stumped on a compilation problem when I tried to build > 176.gcc of SPEC CPU2000 with clang v 2.8 (trunk 427) on Linux and intel. > First, I tried to compile with 'clang -std=c89 *.c -o gcc.clang' since > the default C standard of Clang is c99 while that of gcc is c89. It > reported this error: >

Hi, getpwuid is called as seen in the patch, and is then called again indirectly by tilde_expand_filename without first copying off the results from the first call. This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too). Please CC me in replies; I'm not a subscriber. --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c

In our native Win2K3 AD domain, several AD accounts have a sIDHistory that carry SIDs from before the AD domain migration in addition to the "primary" objectSID. Samba 3.0.21c winbindd (with idmap OpenLDAP backend) on domain member servers (running SuSE 9.3 Pro) allocates multiple uids for these SIDs with the same (AD) user name: Primary SID: # getent passwd myuser