Displaying 20 results from an estimated 10000 matches similar to: "While using internal sftp server, need to access files outside chroot"
2012 May 07
1
Can not capture internal-sftp process log in syslog
Hi,
I am trying to use internal-sftp to limit sftp only access to a set of users.
I have set sshd_config as follows
sshd_config
===========
Subsystem sftp internal-sftp -f LOCAL0 -l VERBOSE
Match group ftp
ChrootDirectory /sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -f LOCAL0 -l VERBOSE
Match
I am able to access internal-sftp and run sftp sessions properly.
2012 Jul 06
1
Can not login with key-exchange is chrooted sftp environment
Hi,
We need to allow log in based on public key generated using ssh-keygen (rsa key) for SFTP with chroot (internal sftp). I am not able to log in with just key exchange. I can login using password.
I am able to log in without password for an ssh session unlike sftp session.
Is there a way to login with key-exchange only for internal-sftp with chroot?
Here is the trace
OpenSSH_3.9p1, OpenSSL
2015 May 02
2
sftp chroot requirements
Hi Damien,
Thank you. I read the rationale.
Just to summarize, a user writeable chroot target is considered
dangerous if:
1) the user has another way of gaining non-chrooted access to the system
2) is able to create hardlinks to setuid-binaries outside of the chroot tree
3) there are bugs somewhere that allow privilege escalation or remote
execution of other programs
While all these
2015 May 01
5
sftp chroot requirements
I did not find any clues when 'googling' and could not find any search
options on the archives.
So, your answer does really not help.
If you can help me with some reference, then it is highly appreciated.
I would like to understand the rationale. Not why 'it is just like it is'.
No, why. What is the reasoning behind it.
I speak Dutch, English, some Japanese and C. So, I can
2023 Nov 12
2
restrict file transfer in rsync, scp, sftp?
On Sat, 11 Nov 2023, Bob Proulx wrote:
> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
>
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, 2018-01-05 at 16:00 +1030, David Newall wrote:
> On 05/01/18 02:44, Thomas Güttler wrote:
> > I set up a chroot sftp server [...]
> > Is there a way to get both?
> >
> > - chroot
> >
> > - writable root
>
> The source code (sftpd.c) seems to require that the root directory be
> owned by root and not group or world writable, so I
2006 Oct 18
1
Using CHROOT jail in SFTP
Good afternoon,
I have been using OpenSSH 3.8p1 and added code to sftp-server.c so I could put users in chroot jail. When I setup a new system and downloaded OpenSSH 4.4p1 and tried the same patch it fails with the following in the /var/log/messages file:
sftp-server[11001]: fatal: Couldn't chroot to user directory /home/newyork/ftpbcc: Operation not permitted
I was wondering why one would
2007 Apr 03
2
1.0rc29: LDA chroot problem
Hi,
I got strange problem with dovecot LDA;
in dovecot.conf: mail_chroot = /srv/vmail
---
deliver(test at fakedomain.net): Apr 03 07:28:21 Info: auth input: test at fakedomain.net
deliver(test at fakedomain.net): Apr 03 07:28:21 Info: auth input: uid=400
deliver(test at fakedomain.net): Apr 03 07:28:21 Info: auth input: gid=400
deliver(test at fakedomain.net): Apr 03 07:28:21 Info: auth
2023 Nov 12
3
restrict file transfer in rsync, scp, sftp?
I am supporting a site that allows members to upload release files. I
have inherited this site which was previously existing. The goal is
to allow members to file transfer to and from their project area for
release distribution but not to allow general shell access and not to
allow access to other parts of the system.
Currently rsync and old scp has been restricted using a restricted
shell
2001 May 24
1
chroot sftp-server [PATCH]
I'm working on setting up a semi-trusted sftp service, and to get it
working, I need chroot capability.
I've taken the /./ wuftpd magic token code from contrib/chroot.diff and
put it into the sftp server. The main problem is that privileges have
been dropped by the time the subsystem is exec'ed, so my patch requires
that sftp-server be setuid root. Not ideal, I know, but I drop all
2003 Apr 13
2
chroot() as non-root user?
I suspect this has been asked before but I'll ask anyway.
Q1: Is it possible for a non-root process to perform a chroot?
My interest is this: I have a typical ISP hosting account (verio; on a
FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet
protect myself (and my email, and my .ssh keys) from bugs being exploited
in those CGI packages. Chroot at the start
2002 Apr 05
1
Chroot of SCP and SFTP-server
Hi,
I was thinking about the difficulties and complexities of using chroot in
scp or sftp-server, in order to limit the user in which files they can
access.
I've seen a lot of arguments about how it is pointless to try and secure scp
or sftp (also from a logging perspective) because if we allow SSH access,
the user can simply provide their own scp or sftp binary, that does not do
the
2013 Feb 02
2
Relaxing strict chroot checks on recent Linux kernels?
At the risk of beating a dead horse, I'd like to see the chroot
security checks relaxed a bit. On newer Linux kernels, there's a
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) that prevents privilege
elevation (via setuid binaries, etc) for the caller and all of its
descendants. That means that chroot(untrusted directory),
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), setreuid(uid, uid), execve(a
2013 Mar 13
2
Time zone for chrooted internal-sftp?
Hi,
A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting?
What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon?
/John
--
John Olsson
Ericsson AB
2004 Aug 06
6
[PATCH] Icecast2 - chroot, setuid/gid...
Hi all again...
I did a chroot patch with ability to change uid and gid.
I dunno if you all approve with the current implementation but the patch
is small and it works here.
remember to CC, since i'm not on this ml...
//Ian Kumlien
PS. To anyone on vorbis-dev, I'm *REALLY* sorry must be tired or something.. =)
DS.
2001 Nov 15
3
again chroot
Hello out there!
I've searched this list up and down in order to find a clue about
restricting sftp or scp to a defined path or to a chroot jail. It seems
there has been development on some patches but I can't find further
information.
Is there any support or planned support for restricting sftp or scp to a
certain path?
If there is already support for this, does anybody have a howto
2000 Apr 19
2
ssh and chroot...
I have a RedHat 6.0 x86 server which is serving a number of minor things, which I wish to add shell access to.
I'm currently running sshd and am quite happy with it, the exception being that I am unable to make sshd perform a chroot for shell account users.
I have been reading man pages and howto's, many of which discuss sshd or chroot, but never the two together.
Is this not an
2006 Jan 07
2
VB on Linux with Wine
We have 50 complex applications written in Microsoft Visual Basic 6.0
providing banking solutions. We are seriously thinking of porting
our applications to Linux under WINE. Is it possible to do so?
Nature of our VB applications:
------------------------------
1. Extensively used all controls provided in VB
2. Total size of our applications is around 2 million lines
3. Applications are having
2010 Mar 26
6
Rake argument error
Hi,
I'm having a problem loading a sample data with simple rake command.
rake db:fixtures:load
When I run the above command,I get the following error
$rake db:fixtures:load
(in /home/raghu/www/photos)
rake aborted!
a YAML error occurred parsing
/home/raghu/www/photos/test/fixtures/photos.yml. Please note that YAML
must be consistently indented using spaces. Tabs are not allowed. Please
2010 Jul 10
1
internal-sftp and logging not working with Fedora and chroot using 5.5?
Hope ya'all can help!
Been reading and reading, and adjusting... to no avail.
We need to have chroot'd SFTP activities logged on a file server and for
whatever reason, I simply cannot get it to log with users that are chroot'd
(this is necessary for auditing and HIPAA - so it is pretty important)
I have tried with Fedora 11/12 and even an older Fedora 8 server, the same
results:
1.