chrooting/jailing - put it in the FAQ?

Peter Watkins peterw at
Sat May 25 14:33:47 EST 2002

On Thu, May 23, 2002 at 06:20:12PM -0500, Ben Lindstrom wrote:

> Why don't you just change the user's shell to /path/to/scpjail ?  By doing
> it this way you capture all subsystems, standard logins and remote
> commands by just reading the command line and looking at anything past
> the first -c.  I don't see a reason why one needs to use command="".
> The other question is should SSH_ORIGINAL_COMMAND reflect subsystem calls?

I'd like to suggest that the official OpenSSH FAQ cover the chroot topics.
Chroot jails, whatever folks may think of their merits, are frequently
requested. It would be wonderful if the core team could use the FAQ to
explain the development position and perhaps outline suggested ways that
admins could implement chroot jails, via small wrappers, alternate shells,

Peter Watkins - peterw at - peterw at - 
Private personal mail: use PGP key F4F397A8; more sensitive data? Use 2D123692

More information about the openssh-unix-dev mailing list