chrooting/jailing transfer-only accounts

Sandor W. Sklar ssklar at
Wed May 22 13:47:59 EST 2002


I've been tasked to find a solution that will create 
file-transfer-only accounts that are jailed or chrooted to a specific 
directory.  (Not an uncommon task, I think.)

Using the OpenSSH server and the OpenSSH scp client program, I can 
achieve the goal of having a file transfer only account jailed to a 
specified directory, by using the "scpjail" script (attached) as a 
forced command.

However, if the client is using the SSH.COM's scp2 client program, 
the above technique does not work, since the commercial version uses 
sftp as the underlying method.

So, the only solution I can see is to use one of the several 
chrooting patches that are floating around to the OpenSSH source, and 
set the user's shell to sftp-server.  If I do this, I make it 
impossible to use the OpenSSH scp client ; all connections must be 
done using sftp clients.  I am also tied to selecting and using one 
of these patches, which I admit, I do not have the technical ability 
to judge on their merits and potential weaknesses.  I am phobic about 
using patches that are not part of the baseline code (especially for 
security-related software), as it creates one more thing to worry 

My question is, does anyone see a solution that I am missing here? 
Complaining to SSH.COM is not a solution, as it does not solve my 
problem.  It is not in my power to force the user community to use 
only the OpenSSH implementation.

I've seen many mails on this list lately talking about the pros and 
cons of including chroot-ability; the people who seem to feel that it 
is unnecessary have said that it is easy enough to implement outside 
of OpenSSH.  I don't have the ability to do so; among the community 
of OpenSSH users, I doubt I'm alone in this.

(As an aside, I'd appreciate it if people would look at the attached 
script, and let me know if they can see any obvious holes in it. 
I've tried unsuccessfully to break out if it is set up properly, but 
others may have more success.)

Thanks, -S-

   Sandor W. Sklar  -  Unix Systems Administrator  -  Stanford University ITSS
   Non impediti ratione cogitationis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scpjail
Type: application/mac-binhex40
Size: 11846 bytes
Desc: not available
Url : 

More information about the openssh-unix-dev mailing list