similar to: [Bug 177] chroot tools for OpenSSH 3.1p1

Hi Damien, Thank you. I read the rationale. Just to summarize, a user writeable chroot target is considered dangerous if: 1) the user has another way of gaining non-chrooted access to the system 2) is able to create hardlinks to setuid-binaries outside of the chroot tree 3) there are bugs somewhere that allow privilige escalation or remote execution of other programs While all these

Hi, On CentOS 7 I?m trying to set up a chrooted SFTP server on which specific users can only read and write on specific folder. And I?d like to disable some commands, so the users can only do ?cd?, ?ls?, ?get? and ?put? (and disabling ?chgrp?, ?chmod?, ?chown?, ?df? etc ?). Is there a way to achieve it, natively or with using a third-party software ? Alexandre MALDEME Analyste d'exploitation

http://bugzilla.mindrot.org/show_bug.cgi?id=177 Summary: chroot tools for OpenSSH 3.1p1 Product: Portable OpenSSH Version: -current Platform: Other URL: http://cag.lcs.mit.edu/~raoul/. OS/Version: other Status: NEW Severity: enhancement Priority: P3 Component: sshd AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=177 russell at flora.ca changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |russell at flora.ca ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

On Sat, Jul 14, 2018 at 5:22 AM Nico Kadel-Garcia <nkadel at gmail.com> wrote: > See above. Also, the base CentOS 7 3.10.0 kernel is becoming a bit > dated: it's 5 years old now. If you have time: can you set up a > smaller instance, do kernel updates on top of a CentOs 7 AMI, and see > if *that* AMI is compatible with the new instances? Might make for an > interesting

http://bugzilla.mindrot.org/show_bug.cgi?id=177 mlists.20.jardel at spamgourmet.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mlists.20.jardel at spamgourmet | |.com ------- Additional Comments From

I worked on a proposal like this a few years back (including proof of concept code).? I taught sftp to have an scp personality (closer to scp2 than scp), and it was rejected by the higher ups.? It may have been the dual-personality issue, but I know the scp2 concept was also rejected at the time as it was stated there should be one transfer tool. But the only way to drag scp into this century

On Sat, May 30, 2015 at 10:38 AM, Phil Pennock <phil.pennock at globnix.org> wrote: > On 2015-05-30 at 15:00 +0200, Kasper Dupont wrote: >> On my laptop I have key1 and key2. I can use key1 to log in >> on server1, and I can use key2 to log in on server2. I want >> neither key to leave the laptop, and only key2 is allowed >> to be forwarded to other hosts. >

Hi, I managed to compile 4.10.0 under CentOS 7.6. I did the following: - update the yum package repository cache: sudo yum makecache - install yum-utils: sudo yum install yum-utils - add the IUS package repository: sudo yum install https://centos7.iuscommunity.org/ius-release.rpm - update the yum package repository cache again: sudo yum makecache - install Python 3.6 including PIP: sudo yum

Hello, I'd like to find a function in the sourcecode which enables me to get the chroot-path of the mailstore, so I can concatenate it with the result of mail_storage_get_mailbox_path to get the full path of a mailbox within the filesystem. Does such a function exist? Who can help me? Thanks in advance. Stefan -- SIEGNETZ.IT GmbH { w3o-services } Schneppenkauten 1a D-57076 Siegen

On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote: [...] > I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if > servers are DHCP distributed without static IP addresses they can wind > up overlapping IP addresses with mismatched hostkeys You can set CheckHostIP=no in your config. As long as the names don't change it'll do what you

On Mon, Aug 8, 2016 at 5:49 AM, Stefan Kania <stefan at kania-online.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > you should set up a dns-proxy and use this proxy as forwarder in your > domains Really, really not the same thing as a DNS slave. If your DNS master, such as your Samba or AD server, goes toes up for whatever reason, the DNS slave can continue

Hello. I'm administrating a CentOS 3.8 linux system (RHEL3) and I just replaced the imap-2002d-12 package that came with the system, with a dovecot 1.01 package I obtained through the dovecot home page. The problem I have, is that many of my POP3 users have jailed user accounts set up through wu-ftpd, where the dir field is of the form /home/group/./pop/user, and wu-ftpd chroots them from

Nico Kadel-Garcia wrote: > in places where I do not want OpenSSH server's tendency ro let > people with access look around the rest of the filesystem. If you want users to be able to use *only* SFTP then set a ChrootDirectory and ForceCommand internal-sftp in a Match for the user in sshd_config. //Peter

Hello Folks, I'm trying to replace an FTP with several hundred users with something secure. My requirements: - transfers must be logged - users should not have any access to other users' directories - users should land in a writable directory - users should be chrooted I've been trying to get this working with OpenSSH and the internal SFTP server, but it does not

Hello, I am trying to setup a file server using the SFTP protocol with OpenSSH. I am in trouble because sshd refuses to chroot to a directory that is writable by users other than the owner. I guess that this is to prevent someone else from creating a .ssh/authorized_keys file and impersonate the user. But we have configured an alternative AuthorizedKeysFile. I also understand that a chroot user

On Fri, Aug 28, 2015 at 11:51 PM, Walter Carlson <wlcrls47 at gmail.com> wrote: > On Thu, Aug 27, 2015 at 12:26 AM, Walter Carlson <wlcrls47 at gmail.com> wrote: > >> Perfect, thanks. This winds up working for me (as far as I've tested so >> far.) >> >> Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'" >>

I''ve been trying to virtualize SCO OpenServer 5.0.6 for various reasons, and found that the Xensource 4.x doesn''t support it, nor does the open source Xen 3.x in any of the environments I''ve tried. It works on VMware, but for various reasons I prefer to use Xen on my Dom0. (I like open source, and the base OS for the commercial reasons is much, much more recent, and

https://bugzilla.mindrot.org/show_bug.cgi?id=177 Joshua Pettett <devel at homelinkcs.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |sftp-server AssignedTo|openssh-bugs at mindrot.org |unassigned-bugs at mindrot.org --- Comment