Displaying 20 results from an estimated 600 matches similar to: "internal-sftp and logging not working with Fedora and chroot using 5.5?"
2008 May 25
1
OpenSSH + chroot + SELinux = broke
Hello,
First, a big thank you to the OpenSSH devs.
_ /Problem Summary:/
_ Chroot and SELinux don't get along. This affects both the new
(official) ChrootDirectory feature, as well as the older (3rd party)
patch at http://chrootssh.sourceforge.net/.
_ /History and repro:/
_ On March 21, 2008, Alexandre Rossi posted to this list with the
subject: "*ChrootDirectory
2007 Apr 18
1
[Bridge] Building 1.1 ?
Good day Folks!
Working on a bridging firewall/gateway and attempting to solve the age-old
mystery of whether I can get NAT to work across a gateway that has 2 NICs and
requires a bridge...
Upside is, I have the gateway working, bridging works (as does OpenVPN using
that bridge). But NAT does not in Fedora Core 4...
>From dmesg: Linux version 2.6.11-1.1369_FC4
So I went to the website and
2008 Apr 03
1
Omission in sshd_config man page
[Not subscribed to this list, so please respond directly if you need to speak to me]
In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only:
AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,
2014 Oct 10
3
[Bug 2289] New: arandom(4) as documented in sshd_config(5)’s ChrootDirectory option does not exist on all platforms
https://bugzilla.mindrot.org/show_bug.cgi?id=2289
Bug ID: 2289
Summary: arandom(4) as documented in sshd_config(5)?s
ChrootDirectory option does not exist on all platforms
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
2012 Aug 18
0
[Bug 2036] New: Add %g user group name parameter for ChrootDirectory
https://bugzilla.mindrot.org/show_bug.cgi?id=2036
Priority: P5
Bug ID: 2036
Assignee: unassigned-bugs at mindrot.org
Summary: Add %g user group name parameter for ChrootDirectory
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: sue at pennine.com
Hardware: ix86
Status:
2008 Apr 15
0
ChrootDirectory - SFTP subsystem works fine but SSH hangs
Hi
I'm using Centos 5 with Openssh-5.0p1 installed (and OpenSSL 0.98b and
Zlib 1.2.3-3). I've managed to get a chroot'd SFTP session using
ChrootDirectory and the new built-in SFTP subsystem. However, when I
use SSH to connect to the same account the session hangs rather than
closing the connection. This happens whether or not I use
/sbin/nologin /bin/false or even /bin/sh
2009 Nov 05
3
sshd_config ChrootDirectory ambiguity...
Under "ChrootDirectory" there is a line that says,
"This path, and all its components, must be root-owned directories
that are not writable by any other user or group."
When I first read this "all its components" seemed to mean that
all directories and files within this directory must be root owned
and root only writable. This seemed odd as I would not be able
to
2001 Apr 09
0
Running 'ssh' and 'scp' from a chroot jail (sandbox)
I have a need to have users SSH into a server where they are limited to a
chroot jail (sandbox). Once they are there, they need to be able to execute
'ssh' and 'scp' to other systems.
I've no problem setting up the basic chroot jail and providing basic
functionality (ls, cat, less, etc). The part that is stopping me is setting
it up so that that user can then 'ssh'
2009 Sep 17
3
New sshd_config - what has changed?
I see that there is a new sshd_config in the latest updates.
Since I have altered the original file, this one got installed as .rpmnew
It has two changes:
> #AddressFamily any
So does this make it default to IPv4 only?
> #ChrootDirectory none
Chroot is now an option for SSH?
2007 Jul 28
3
chroot'd SFTP
Thanks for these 3rd party hacks! I don't trust them.
There must be such feature in openssh out of box.
So the most secure/easyer method of giving sftp access to porn collection is:
Damiens sftp-server chroot patch, which I hope to see in openssh one day :)
http://marc.info/?l=openssh-unix-dev&m=116043792120525&w=2
# useradd -d /data/p0rn -m share
/etc/ssh/sshd_config:
Match user
2011 Jan 17
1
Questions about ChrootDirectory
Hello,
I'm aware of the fact that ChrootDirectory requires that the target
directory is root-owned, and I think I've mostly understood why that is
necessary, at least within the context of someone who has full shell
access. However, I am wondering if that possibility for privilege
escalation still exists with a configuration like this:
Match Group sftp
ForceCommand internal-sftp
2012 May 10
2
Is there any method, with ChrootDirectory and internal-sftp, to automatically cd to a subdir on login?
Hi,
This is either a query or a feature request. I have a system where sftp
users are chrooted using scponly, which while requiring much more setup than
OpenSSH's internal-sftp method, has the useful feature of allowing an
initial chroot to a subdirectory, typically the one used for file exchange.
I've searched for a way to do the same thing with OpenSSH. So far haven't
found it.
If
2009 Mar 28
3
ChrootDirectory security
Hello,
I've tried many places, finally ending up here to ask my question: why
is it so vital that the directory used with the ChrootDirectory
directive is root-owned?
Like many people I'm trying to use this in a webhosting environment
where several users get sftp-only access to some directory, usually
something like /home/user/web/part-of-website.
I can be sure that there are no setuid
2012 Jan 19
2
ChrootDirectory per SSH Subsystem?
Hi,
According to the sshd_config manual page the option ChrootDirectory can be used to force a chroot:ed environment for the SSHD server. But as I understand the manual page this is a global setting and it is not possible to specify this per SSH subsystem.
We are building a system where we need users to be able to log on from remote machines via SSH, but with the tweaks that we (for security
2009 Oct 23
3
internal-sftp only without ssh and scp hanging
I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh
chroot functionality).
i.e.
Subsystem sftp internal-sftp
Match group sftpusers
ChrootDirectory /chroot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
So far everything works correctly with sftp but when a user ssh's or
scp's to the box the login
2006 Jul 20
1
Anyone have an rpm built for Javahelp2?
Yes, I can get it done with some effort.
I understand the non-free aspect of jpackage.org
the rpm is created with user/group jpp, so I guess that I have to include:
--prefix /home/me/rpm ?
2008 Oct 24
7
[Bug 1532] New: SSH ignoring "StrictModes no"
https://bugzilla.mindrot.org/show_bug.cgi?id=1532
Summary: SSH ignoring "StrictModes no"
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
URL: http://www.networksecurityarchive.org/html/Secure-Shel
l/2005-08/msg00058.html
OS/Version: Linux
Status: NEW
Severity: normal
2023 Nov 12
2
restrict file transfer in rsync, scp, sftp?
On Sat, 11 Nov 2023, Bob Proulx wrote:
> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
>
2008 Apr 29
2
request for feature
Dear developers,
I need the feature of separately jailed, user writeable and user owned
home dirs very badly because I have an SFTP server with 500 users who
are partly nested
could you please add a feature to set non root chroots with the %h
option ? Otherwise I have to rewrite the chroot patch for 4.7p1 :-(
thank you very much in advance
Dirk
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
Hi,
(please CC me as I'm not subscribed to the list)
If compiled with SELinux support, OpenSSH 4.8 current cvs fails for
accounts where the new ChrootDirectory option is active :
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: User child is on pid 1695
debug3: mm_request_receive entering
debug1: PAM: establishing credentials
debug3: safely_chroot: checking