OpenSSH 3.2.2 released : chroot
Florin Andrei
florin at sgi.com
Tue May 21 03:32:08 EST 2002
On Fri, 2002-05-17 at 09:05, Ben Lindstrom wrote:
>
> Out of interest why do you feel it's required to do chroot() at the
> OpenSSH level? Why don't you invest time into a shell that does the
> chroot() for you? That would work for telnet, ssh, etc. No need to
> clutter up OpenSSH with options that can easily be implemented at a higher
> level.
Perhaps because an OpenSSH-level chroot will also work for
sftp-restricted accounts.
Remember, if you want to restrict an account to sftp-only, you have to
declare the sftp-server as a shell. Which is kinda annoying, but it's
ok. Now, if you chroot at the shell level, it suddenly becomes more
complicated for sftp-only accounts.
--
Florin Andrei
Spiderman according to Jon Katz: "the web-slinging arachnoid-nerd from
Queens who gets the bad guy but really wants the girl."
More information about the openssh-unix-dev
mailing list