similar to: New % substitution for sshd_config

Sent from my iPhone Begin forwarded message: > From: Sue Spence <sue at pennine.com> > Date: 13 August 2012 08:02:08 GMT+01:00 > To: "susan.spence" <susan.spence at db.com> > Subject: ssh > >

https://bugzilla.mindrot.org/show_bug.cgi?id=2036 Priority: P5 Bug ID: 2036 Assignee: unassigned-bugs at mindrot.org Summary: Add %g user group name parameter for ChrootDirectory Severity: enhancement Classification: Unclassified OS: Linux Reporter: sue at pennine.com Hardware: ix86 Status:

Under "ChrootDirectory" there is a line that says, "This path, and all its components, must be root-owned directories that are not writable by any other user or group." When I first read this "all its components" seemed to mean that all directories and files within this directory must be root owned and root only writable. This seemed odd as I would not be able to

https://bugzilla.mindrot.org/show_bug.cgi?id=2289 Bug ID: 2289 Summary: arandom(4) as documented in sshd_config(5)?s ChrootDirectory option does not exist on all platforms Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement

I see that there is a new sshd_config in the latest updates. Since I have altered the original file, this one got installed as .rpmnew It has two changes: > #AddressFamily any So does this make it default to IPv4 only? > #ChrootDirectory none Chroot is now an option for SSH?

This is automatically generated email about markup problems in a man page for which you appear to be responsible. If you are not the right person or list, please tell me so I can correct my database. See http://catb.org/~esr/doclifter/bugs.html for details on how and why these patches were generated. Feel free to email me with any questions. Note: These patches do not change the modification

[Not subscribed to this list, so please respond directly if you need to speak to me] In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only: AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,

CentOS-6.6 We have sshd chroot working, mostly, for a particular groupid. However, we have two things that remain u/s, no doubt due to some omission on my part. Basically, we would like our users to be able to tunnel their https over the ssh connection to this server and be able to do X11 forwarding as well. At the moment both work when the user connects without chroot and neither works if

Are there plans to expand the logging capabilities in OpenSSH, so that the details of what files were moved using sftp is included? If not, does anyone know of a good way to capture this information? Thanks in advance, - Sue Susan K. Diller UNIX Systems Administration PAETEC Communications, Inc. 600 WillowBrook Office Park Fairport, New York 14450 *(585) 413-2320 * susan.diller at

https://bugzilla.mindrot.org/show_bug.cgi?id=1527 Summary: ForceCommand internal-sftp needs a way to enable logging Product: Portable OpenSSH Version: 5.1p1 Platform: Itanium2 OS/Version: HP-UX Status: NEW Severity: minor Priority: P4 Component: sftp-server AssignedTo:

Hello, First, a big thank you to the OpenSSH devs. _ /Problem Summary:/ _ Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. _ /History and repro:/ _ On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory

I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain SFTP-only users. I use the following lines in my sshd_config file: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp It works great. The problem is that some of my users need umask 002 for their uploads. I tried a few ways to achieve this: * set umask in sshrc,

Hi, I'm using the "ChrootDirectory" option for the sshd daemon to jail my ssh users. Additionally, I'm using the "Match group" option to only jail people belonging to a specific active directory group. Here are the relevant lines of the sshd_config file: LogLevel Debug3 Subsystem sftp internal-sftp Match group sftpusers ChrootDirectory /my/chroot/home ForceCommand

Hi, many people are having problems using SFTP with ChrootDirectory when the jail directory (or the path above) is not owned by root. The question is if chroot'ing to usual home directories can be allowed, even though they are owned by regular users. I know that this topic has been discussed on the list several times now, so I searched the list archives for posts that invalidate the

https://bugzilla.mindrot.org/show_bug.cgi?id=1574 Summary: trailing white space on Forced Command within ChrootDirectory causes failure Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Hello, I'm aware of the fact that ChrootDirectory requires that the target directory is root-owned, and I think I've mostly understood why that is necessary, at least within the context of someone who has full shell access. However, I am wondering if that possibility for privilege escalation still exists with a configuration like this: Match Group sftp ForceCommand internal-sftp

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

https://bugzilla.mindrot.org/show_bug.cgi?id=1564 Summary: non-accessible user's home directory not reported when ChrootDirectory=none Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: sshd

We've added 2 additional courses to our April Schedule: (++) R/S Fundamentals and Programming Techniques *** San Francisco / April 24-25, 2008 *** *** New York City / April 28-29, 2008 *** *** Seattle / April 21-22 Regards - Sue > -------- Original Message -------- > Subject: [BioC] XLSolutions 9 Courses: Upcoming March-April 2008 R/S+ > Course Schedule by XLSolutions

>> The loop checking is a bit more challenging than that. If Bob >> forwards to Fred and Fred forwards to Sue, all is well when Bob and >> Fred head out for a beer. A little later, we?re in deep doo-do0 when >> Sue forwards to Bob. > Could this possibly mean that any person who has CF set should never > be available as CF Destination. Simple db entry/check can