chrooting/jailing transfer-only accounts

Ben Lindstrom mouring at
Sat May 25 00:57:28 EST 2002

On Fri, 24 May 2002, Sandor W. Sklar wrote:

> At 6:20 PM -0500 5/23/02, Ben Lindstrom wrote:
> >
> >Why?
> >
> >Why don't you just change the user's shell to /path/to/scpjail ?  By doing
> >it this way you capture all subsystems, standard logins and remote
> >commands by just reading the command line and looking at anything past
> >the first -c.  I don't see a reason why one needs to use command="".
> I'm not sure what practical difference that makes ... unless I'm
> missing something, doing so results in the scpjail script being
> passed the same values, and thus, resulting in the same problem.  It

The difference is you used $0 - $9 to read arguments passed to the shell
instead of depending on $SSH_ORIGINAL_COMMAND.  The former always gets it
right where the latter seems to be missing subsystems.

> would also prevent other users from logging in to the account using a
> different key, or from other users "su"ing to the account.

The idea of multiple users on one account is sick.  It is harder to pin
down what is going on and does not improve security.

- Ben
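
The approach described in the message above, as an added example that is not part of the original post or of OpenSSH: a login shell that reads the requested command from its own arguments after the first -c, and permits only scp in remote mode or the sftp subsystem. The sftp-server path, the fixed PATH and the list of permitted scp flags are assumptions; chroot setup is not covered.

```shell
#!/bin/sh
# Added example: decision logic for a transfer-only login shell ("scpjail").
LC_ALL=C; PATH=/usr/bin:/bin; export LC_ALL PATH   # do not trust inherited environment
# Assumption: must match the "Subsystem sftp" command configured in sshd_config.
SFTP_SERVER=/usr/libexec/sftp-server

# Sets $verdict (allow-scp | allow-sftp | deny) and $jail_cmd from the shell's
# own arguments, which sshd passes as: <shell> -c "<command>".
scpjail_decide() {
    verdict=deny; jail_cmd=""
    while [ $# -gt 0 ]; do                       # look past the first -c
        if [ "$1" = "-c" ]; then jail_cmd=${2-}; break; fi
        shift
    done
    case $jail_cmd in
        "") return 0 ;;                          # interactive login: no -c at all
        *[!A-Za-z0-9" "./_-]*) return 0 ;;       # metacharacters, quotes, newlines
        "$SFTP_SERVER") verdict=allow-sftp; return 0 ;;
    esac
    set -f; set -- $jail_cmd; set +f             # plain split; no glob chars passed the check
    [ "$1" = scp ] || return 0
    shift
    mode=""; paths=0
    for w in "$@"; do
        case $w in
            -t|-f) mode=$w ;;                    # remote sink / source mode
            -r|-p|-d|-v|--) ;;                   # harmless transfer flags
            -*) return 0 ;;                      # any other option is refused
            *) paths=$((paths + 1)) ;;
        esac
    done
    if [ -n "$mode" ] && [ "$paths" -eq 1 ]; then verdict=allow-scp; fi
    return 0
}

# Acts only when installed under the name scpjail (the user's shell).
case ${0##*/} in scpjail)
    scpjail_decide "$@"
    case $verdict in
        allow-sftp) exec "$SFTP_SERVER" ;;
        allow-scp)  set -f; exec $jail_cmd ;;
        *) echo "This account is restricted to file transfer." >&2; exit 1 ;;
    esac ;;
esac
```

Because the decision is made from the shell's argument list, the same check covers interactive logins, remote commands and subsystem requests regardless of which key was used.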

More information about the openssh-unix-dev mailing list