similar to: sftp-server (secure) chroot patch?

Accidently removed XXX comment. New patch below. Regards Magnus --- openssh-3.6.1p2/sftp-server.c.org 2003-08-11 22:07:47.098650000 +0200 +++ openssh-3.6.1p2/sftp-server.c 2003-08-16 19:07:14.273582000 +0200 @@ -24,15 +24,24 @@ #include "includes.h" RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $"); +#define CHROOT #include "buffer.h"

Hello all, Here is an updated patch. I published the original patch published on august 16. --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 +0200 +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200 @@ -24,6 +24,7 @@ #include \"includes.h\" RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $\"); +#define CHROOT

Using OpenSSH SFTP with chroot ============================== Several people have been asking now for some kind of documentation on how to use the chroot-patch for the sftp-server. So here it comes. I hope nobody minds that i post this in the developer list. The patch has been provided to the list some time ago. I'm sorry not giving credit to the author, but I really don't know who

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

Quoting Rick Romero <rick at havokmon.com>: > Quoting Eric Broch <ebroch at whitehorsetc.com>: > >> On 10/4/2018 7:27 AM, Rick Romero wrote: >>> Quoting Eric Broch <ebroch at whitehorsetc.com >>> <mailto:ebroch at whitehorsetc.com>>: >>> >>>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>>> ? >>>

The following are patches against openssh 2.1.1p4 to add support for the BSD_AUTH authentication mechanisms. It allows the use of non-challenge/response style mechanisms (which styles are allowed my be limited by appropriate auth-ssh entries in login.conf). The patches also add support for calling setusercontext for the appropriate class when called with a command (so that the PATH, limits,

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 7:27 AM, Rick Romero wrote: >> >> Quoting Eric Broch <ebroch at whitehorsetc.com >> <mailto:ebroch at whitehorsetc.com>>: >> >>> >>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>> >> Quoting Aki Tuomi <aki.tuomi at open-xchange.com >>

On 10/4/2018 7:27 AM, Rick Romero wrote: > > Quoting Eric Broch <ebroch at whitehorsetc.com > <mailto:ebroch at whitehorsetc.com>>: > >> >> On 10/4/2018 6:34 AM, Rick Romero wrote: >>> > Quoting Aki Tuomi <aki.tuomi at open-xchange.com > <mailto:aki.tuomi at open-xchange.com>>: > >> On 03.10.2018 23:30, Eric Broch wrote:

Hi Aki and Remo, switch from vpopmail driver to SQL driver (if you are using vpopmail with mysql as backend) is very simple. First you need to setup the right query for vpopmail database: # cat /etc/dovecot/dovecot-sql.conf.ext ### Vpopmail driver = mysql connect = host=192.168.1.2 dbname=vpopmail user=vpopmail password=Vp0pM4iL default_pass_scheme = MD5-CRYPT ### Query to get a list of all

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 6:34 AM, Rick Romero wrote: > >> ? Quoting Aki Tuomi <aki.tuomi at open-xchange.com>: > On 03.10.2018 23:30, Eric Broch wrote: > >> Hello list, >> >> I run Dovecot with the vpopmail driver and have found that it >> authenticates against the clear text password in the vpopmail

Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:

Quoting Aki Tuomi <aki.tuomi at open-xchange.com>: > On 03.10.2018 23:30, Eric Broch wrote: >> Hello list, >> >> I run Dovecot with the vpopmail driver and have found that it >> authenticates against the clear text password in the vpopmail >> database. Is there a configuration option either at compile time, link >> time, or a setting in one of the

Hi there, everyone; I've had a few requests for an updated version of my chroot patch. (the version found in contrib is outdated) So, here it goes, updated to 2.3.0p1; "chroot.diff" is a plain diff for session.c (apply, compile and go). "chroot+configure.diff" is the same patch, plus an option to "configure" for enabling/disabling chroot support (./configure

On 10/4/2018 6:34 AM, Rick Romero wrote: > > Quoting Aki Tuomi <aki.tuomi at open-xchange.com > <mailto:aki.tuomi at open-xchange.com>>: > >> On 03.10.2018 23:30, Eric Broch wrote: >> >>> Hello list, >>> >>> I run Dovecot with the vpopmail driver and have found that it >>> authenticates against the clear text password in the

This is another take on logging for sftp-server. Given the number of private email requests I've received for this patch, I assume there is signifigant enough interest to request it be reviewed for inclusion into the release. The patch is against 3.1p1, and is completely disabled by default. To enable logging, one must use compile time directives (-DSFTP_LOGGING). This was done due to prior

Hi, This patch implements a minimal getpwnam() function in tftpd.c. The reason for the patch is that I needed tftpd to work in my embedded system, which are without libnss*. The patch has been tested, and works for me. Please consider it. Best regards, jules -- Jules Colding <JuBColding at yorkref.com> York Refrigeration diff -urN tftp-hpa-0.34.orig/tftpd/Makefile

I'm not sure why the 'passwd' userdb didn't allow args, but it meant (for instance) that the quota plugins weren't usable. I spent quite a bit of time trying to get my new quota-rquotad plugin to work, only to find out that it was my 'quota=rquotad:<filesystem list>' argument that wasn't being passed to the imap child :) The attached patch implements

Hello, I was trying to build a chrooted sftp account when I faced a problem. The chroot is done with the patch present in the contrib subdirectory in the portable version (I'm under linux slackware current). My problem is that verifying access rights on directories and files are too tight and then I couldn't have the following things : The user sftp, with primary group sftp, is chrooted

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in