Displaying 20 results from an estimated 2000 matches similar to: "[Bug 1564] New: non-accessible user's home directory not reported when ChrootDirectory=none"
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
This patch adds a new option to sshd, chroot_users. It has the effect of
chroot()ing incoming ssh users to their home directory. Note: this option
does not work if UsePrivilegeSeparation is enabled.
Patch is based on OpenSSH 3.4p1.
*** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002
--- servconf.h Wed Oct 2 06:17:48 2002
***************
*** 131,136 ****
--- 131,137 ----
char
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places.
2002 Feb 04
0
[Bug 101] New: session.c modifications for correct UNICOS behavior
http://bugzilla.mindrot.org/show_bug.cgi?id=101
Summary: session.c modifications for correct UNICOS behavior
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2009 Mar 18
4
[Bug 1574] New: trailing white space on Forced Command within ChrootDirectory causes failure
https://bugzilla.mindrot.org/show_bug.cgi?id=1574
Summary: trailing white space on Forced Command within
ChrootDirectory causes failure
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2000 Feb 27
0
[PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH
This patch revive almost all login.conf and password/account expiration
features, makes OpenSSH more FreeBSD login compatible and fix non-critical
memory leak.
Please review and commit.
--- sshd.c.old Fri Feb 25 08:23:45 2000
+++ sshd.c Sun Feb 27 02:53:33 2000
@@ -37,9 +37,8 @@
#endif /* LIBWRAP */
#ifdef __FreeBSD__
-#include <libutil.h>
-#include <syslog.h>
#define LOGIN_CAP
2011 Jan 17
1
Questions about ChrootDirectory
Hello,
I'm aware of the fact that ChrootDirectory requires that the target
directory is root-owned, and I think I've mostly understood why that is
necessary, at least within the context of someone who has full shell
access. However, I am wondering if that possibility for privilege
escalation still exists with a configuration like this:
Match Group sftp
ForceCommand internal-sftp
2012 Aug 18
0
[Bug 2036] New: Add %g user group name parameter for ChrootDirectory
https://bugzilla.mindrot.org/show_bug.cgi?id=2036
Priority: P5
Bug ID: 2036
Assignee: unassigned-bugs at mindrot.org
Summary: Add %g user group name parameter for ChrootDirectory
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: sue at pennine.com
Hardware: ix86
Status:
2009 Nov 05
3
sshd_config ChrootDirectory ambiguity...
Under "ChrootDirectory" there is a line that says,
"This path, and all its components, must be root-owned directories
that are not writable by any other user or group."
When I first read this "all its components" seemed to mean that
all directories and files within this directory must be root owned
and root only writable. This seemed odd as I would not be able
to
2014 Oct 10
3
[Bug 2289] New: arandom(4) as documented in sshd_config(5)’s ChrootDirectory option does not exist on all platforms
https://bugzilla.mindrot.org/show_bug.cgi?id=2289
Bug ID: 2289
Summary: arandom(4) as documented in sshd_config(5)?s
ChrootDirectory option does not exist on all platforms
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
Hi,
(please CC me as I'm not subscribed to the list)
If compiled with SELinux support, OpenSSH 4.8 current cvs fails for
accounts where the new ChrootDirectory option is active :
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: User child is on pid 1695
debug3: mm_request_receive entering
debug1: PAM: establishing credentials
debug3: safely_chroot: checking
2014 Mar 17
1
internal-sftp stuck on 'ls' with chrootdirectory
Hi all,
I am using Match directive and internal-sftp to chroot sftp users into their
directory. Connection and login works. I can change directories and put/get
files. Also logging of the internal sftp-process works (created a /dev/log
socket inside the chroot). As soon as I use the 'ls' command, nothing
happens and the the process gets stuck. Listing files does work as soon as I
remove
2009 Mar 28
3
ChrootDirectory security
Hello,
I've tried many places, finally ending up here to ask my question: why
is it so vital that the directory used with the ChrootDirectory
directive is root-owned?
Like many people I'm trying to use this in a webhosting environment
where several users get sftp-only access to some directory, usually
something like /home/user/web/part-of-website.
I can be sure that there are no setuid
2008 Dec 29
0
Proposal: Different handling of ChrootDirectory
Hey guys,
I have read all the messages regarding this issue on the mailing list
and I did notice that quite a few people are not exactly happy with the
new easiness of the chroot support introduced to openssh.
I'm one of them and I think to support my special configuration, the
implementation would need to be changed.
I'm right now setting up a small web hosting company an every
2010 Mar 01
4
[Bug 1726] New: ChrootDirectory doesn't work with SE Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=1726
Summary: ChrootDirectory doesn't work with SE Linux
Product: Portable OpenSSH
Version: 5.3p1
Platform: Other
URL: http://bugs.debian.org/556644
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
2009 Apr 30
2
ChrootDirectory %h
Hi,
many people are having problems using SFTP with ChrootDirectory when the
jail directory (or the path above) is not owned by root. The question is
if chroot'ing to usual home directories can be allowed, even though they
are owned by regular users.
I know that this topic has been discussed on the list several times now,
so I searched the list archives for posts that invalidate the
2012 Jan 19
2
ChrootDirectory per SSH Subsystem?
Hi,
According to the sshd_config manual page the option ChrootDirectory can be used to force a chroot:ed environment for the SSHD server. But as I understand the manual page this is a global setting and it is not possible to specify this per SSH subsystem.
We are building a system where we need users to be able to log on from remote machines via SSH, but with the tweaks that we (for security
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2008 Oct 23
6
ChrootDirectory on a per key basis
Hello,
I'm trying to set up an sftp (sshfs) service accessible to users with
a normal account on a server, but which would be restricted to a
subset of the directory hierarchy normally accessible to the users in
question, in practice a single directory. The idea would be to allow
file access to this directory with a passwordless public key, but keep
rest of the users file accessible only with
2008 Apr 15
0
ChrootDirectory - SFTP subsystem works fine but SSH hangs
Hi
I'm using Centos 5 with Openssh-5.0p1 installed (and OpenSSL 0.98b and
Zlib 1.2.3-3). I've managed to get a chroot'd SFTP session using
ChrootDirectory and the new built-in SFTP subsystem. However, when I
use SSH to connect to the same account the session hangs rather than
closing the connection. This happens whether or not I use
/sbin/nologin /bin/false or even /bin/sh
2001 Jan 20
1
/etc/nologin and Solaris PAM bug
My apologies if this has already been discussed. I looked through the
mailing list archives and couldn't see any mention of this problem. I
compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and
while I was testing it to make sure everything was working properly, I
noticed that when I used PAM to authenticate, rather than /bin/login, sshd
was not honoring /etc/nologin.
I