OpenSSH 3.2.2 released : chroot

Florin Andrei florin at sgi.com
Tue May 21 03:32:08 EST 2002


On Fri, 2002-05-17 at 09:05, Ben Lindstrom wrote:
> 
> Out of interest why do you feel it's required to do chroot() at the
> OpenSSH level?  Why don't you invest time into a shell that does the
> chroot() for you?  That would work for telnet, ssh, etc. No need to
> clutter up OpenSSH with options that can easily be implemented at a higher
> level.

Perhaps because an OpenSSH-level chroot will also work for
sftp-restricted accounts.
Remember, if you want to restrict an account to sftp-only, you have to
declare the sftp-server as a shell. Which is kinda annoying, but it's
ok. Now, if you chroot at the shell level, it suddenly becomes more
complicated for sftp-only accounts.

-- 
Florin Andrei

Spiderman according to Jon Katz: "the web-slinging arachnoid-nerd from
Queens who gets the bad guy but really wants the girl."

More information about the openssh-unix-dev mailing list