similar to: sftp chroot requirements

Hi Damien, Thank you. I read the rationale. Just to summarize, a user writeable chroot target is considered dangerous if: 1) the user has another way of gaining non-chrooted access to the system 2) is able to create hardlinks to setuid-binaries outside of the chroot tree 3) there are bugs somewhere that allow privilige escalation or remote execution of other programs While all these

I did not find any clues when 'googling' and could not find any search options on the archives. So, your answer does really not help. If you can help me with some reference, then it is highly appreciated. I would like to understand the rationaly. Not why 'it is just like it is'. No, why. What is the reasoning behind it. I speak Dutch, English, some Japanese and C. So, I can

Hi Thomas, I don't know if you like top or bottom quoting. That seems to be a big-little endian thing ;-) So, I will top quote and inline quote. Please see my comments inline, below. Kind regards, Stephan On 02/19/2015 04:18 PM, "Thomas B. R?cker" wrote: > Hi, > > On 02/19/2015 03:07 PM, Stephan Leemburg wrote: >> Hello Icecast-dev, >> >> I am new to

Hello Icecast-dev, I am new to this list. I am working for the NPO, the Dutch Public Broadcasting agency. We do a lot of icecast streaming. We run at least 20 icecast server instances on our media streaming cluster. We ran into an issue that clients which where connecting to our streams seemed to be 'hanging' on the connection setup frequently. The client 'thinks' it is

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

I'm setting up a local mirror server on a CentOS4 box. I want it to serve files over http, nfs and ftp. I've set this up with the mirrored directories on a separate partition. I've got the http and nfs working but am having some trouble with ftp. I'm using vsftpd as the ftp server. I can log in to the ftp server and get to the pub (/var/ftp/pub) directory. However when I try

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

Hi, On 02/19/2015 03:40 PM, Stephan Leemburg wrote: > I don't know if you like top or bottom quoting. That seems to be a > big-little endian thing ;-) > > So, I will top quote and inline quote. playing it safe, ha! > Please see my comments inline, below. > > Kind regards, > Stephan > > > On 02/19/2015 04:18 PM, "Thomas B. R?cker" wrote: >>

Hi, I need to make a custom code change in sftp-server module to copy the received file outside the chroot-setup. I am trying to chroot repeatedly to get physical root directory and the copy received file to a directory outside chrooted directory. The children processes are owned by the sftp-user and so, sftp child process does not have permission to escape out of chroot. Is there a simple way

The proposed subject of Wiki contribution: Chroot vsftpd with non-system users The proposed location of Wiki contribution: http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users I propose this Wiki to give user choice that they can select whether virtual users and system account coexist in vsftpd system. The shell file vsftpd_virtual_config.sh should also adjust to make this function

Hi, This update is for the HowTo at http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users Regarding two of the scripts provided: vsftpd_virtual_config.sh and vsftpd_virtual_config_withTLS.sh: The configuration additions it makes to PAM do not work on 64-bit systems. In vsftpd_virtual_config.sh (Lines 55 & 56) and vsftpd_virtual_config_withTLS.sh (Lines 123 & 124) should be

I am testing a chrooted environment for sftp using the internal-sftp subsystem. Now that I seem to have SELinux mostly out of the way, when I do an 'ls -l' after the sftp login I see only numbers for the uids and gids. When I was using scponly I simply had a local version of /etc/passwd and /etc/group but these are evidently not used by the internal sftp subsystem. Is there a way to get

I have 1 Centos server V4.x already running VSFTPD and when the user logs in they get chrooted to the home directory, I have installed the same config files to a second server (again Centos V4.x) and have setup the same user on the second server but the user does not get chrooted to the home directory but is placed in /var/ftp/pub and cannot upload file. The files I copied are:-

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users.

Hello, I know this chroot issue has been brought up many times before on this list. I saw that the contribibuted chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course was that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isnt in the src) but I believe a lot of users

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

Hi All, Could anyone explain what is "enhance SSH so that sftp chrooted user sessions are loged in to syslog"? What is "chrooted user sessions"? I'm sorry for the interruption and the laughable question. Thanks and Regards, Bin.Bai.

Hi In a chrooted sftp syatem i'm trying to log (user file transaction log) full path instead of relative path. (like /home/user1/file/a.txt instead of /file/a.txt). Without chroot sftp it works fine, but in chrooted system i do not get full path, which i need badly. Goggled for it for so long, but no luck. Is there any way? any hint from you will be appreciated. Thnaks Ashfaq

Hi, I've posted this question on ServerFault, but no answer has been found (http://serverfault.com/questions/431329/user-cant-sftp-after-chroot). I have version 1:5.3p1-3ubuntu7 To sum up: I want to chroot the user sam. Things I have done: - add user 'sam' to group 'users' - added Subsystem sftp internal-sftp to /etc/ssh/sshd_config (at the bottom) - added a Match : -- Match