similar to: [Bug 2556] New: on Linux non-root process can chroot

https://bugzilla.mindrot.org/show_bug.cgi?id=2533 Bug ID: 2533 Summary: do not check if HostKeyAgent is available on ssdh startup Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2534 Bug ID: 2534 Summary: option to get host key list from HostKeyAgent Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hello, First, a big thank you to the OpenSSH devs. _ /Problem Summary:/ _ Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. _ /History and repro:/ _ On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory

https://bugzilla.mindrot.org/show_bug.cgi?id=2600 Bug ID: 2600 Summary: Use Linux capabilities to revoke additional permissions from chrooted users Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=1616 Summary: root owned empty subdirs are deletable by chroot users Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

I suspect this has been asked before but I'll ask anyway. Q1: Is it possible for a non-root process to perform a chroot? My interest is this: I have a typical ISP hosting account (verio; on a FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet protect myself (and my email, and my .ssh keys) from bugs being exploited in those CGI packages. Chroot at the start

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

https://bugzilla.mindrot.org/show_bug.cgi?id=2435 Bug ID: 2435 Summary: allow to pass socket to the agent over stdin Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=2218 Bug ID: 2218 Summary: ProxyCommand as both a resolver and connector Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hope ya'all can help! Been reading and reading, and adjusting... to no avail. We need to have chroot'd SFTP activities logged on a file server and for whatever reason, I simply cannot get it to log with users that are chroot'd (this is necessary for auditing and HIPAA - so it is pretty important) I have tried with Fedora 11/12 and even an older Fedora 8 server, the same results: 1.

https://bugzilla.mindrot.org/show_bug.cgi?id=1461 Summary: session.c: don't chdir() after chroot() if chroot_path==pw->pw_dir Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1

Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config: # override default of no subsystems Subsystem sftp internal-sftp -f LOCAL2 -l INFO Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp This actually works great, but none of

CentOS-6.6 We have sshd chroot working, mostly, for a particular groupid. However, we have two things that remain u/s, no doubt due to some omission on my part. Basically, we would like our users to be able to tunnel their https over the ssh connection to this server and be able to do X11 forwarding as well. At the moment both work when the user connects without chroot and neither works if

At the risk of beating a dead horse, I'd like to see the chroot security checks relaxed a bit. On newer Linux kernels, there's a prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) that prevents privilege elevation (via setuid binaries, etc) for the caller and all of its descendants. That means that chroot(untrusted directory), prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), setreuid(uid, uid), execve(a

Well, I seem to have resolved most of this. In the end I had to create a separate logical link for the chrooted users' home directories that pointed back to their actual directory. It sounds confusing because it is. I first tried this in sshd_conf ChrootDirectory %h and in ~/%h I had created the following mount points: bin dev etc lib lib64 tmp usr Upon which I had hung mounts to

https://bugzilla.mindrot.org/show_bug.cgi?id=2382 Bug ID: 2382 Summary: option to disable pid file with sshd Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2381 Bug ID: 2381 Summary: foreground mode for ssh-agent Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=3207 Bug ID: 3207 Summary: Match blocks ignored in files processed by Include Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi, I configured openssh 5.1p1 for sftp server. Here the specifications in sshd_config file: Subsystem sftp internal-sftp Match Group sftp ForceCommand internal-sftp ChrootDirectory /home/%u AllowTcpForwarding no When a user is logged in, he can't upload his document and he receives this message: carlo at Music:~$ sftp user at 213.217.147.123 Connecting to

Hi, I configured openssh 5.1p1 for sftp server. Here the specifications in sshd_config file: Subsystem sftp internal-sftp Match Group sftp ForceCommand internal-sftp ChrootDirectory /home/%u AllowTcpForwarding no When a user is logged in, he can't upload his document and he receives this message: carlo at Music:~$ sftp user at 213.217.147.123 Connecting to