allowing sftp only users
Stephen Samuel
samuel at bcgreen.com
Tue Nov 19 12:02:45 EST 2002
I only need to modify sftp-server if I want to create arbitrary chroot jails.
Once the chroot jail is created, there's no real way to find the sftp-server
binary. As a result, the chroot call needs to be done by sftp-server.
The 5-line change to sftp-server consists of checking for a -c flag,
doing the chroot and then doing a chdir("/") call (to close off
any possible chroot escape).
Ben Lindstrom wrote:
>
> Why do you need to modify sftp-server at all? Your sftpsh should be able
> to handle it all internally.
>
> - Ben
>
> On Mon, 18 Nov 2002, Stephen Samuel wrote:
>
>
>>I've attached an email that I wrote a couple of weeks ago -- including
>>my solution to the problem. (an sftp chroot jail). It has two parts: an
>>sftpsh replacement for nologin and a (very small) patch for sftp
>>
>>While I'm at it, what's the protocol for submitting these changes
>>for inclusion in the base release?
>>
>>PIERROT David wrote:
>>
>>>Good morning,
>>>
>>>I am David Pierrot, an engineer for an IT company.
>>>
>>>We need to install an ssh client and ssh server (Linux and Win 2000).
>>>
>>>We have a problem; could you tell me please if this thing is possible?
>>>
>>>We want that users on ssh can only use sftp or scp, but we do not want that
>>>they can use root command or something else.
>>>With the sshd command it is possible to use telnet by port 22; do you think that
>>>it is possible to forbid this kind of thing and to have only the ftp command?
>>>
>>>many thanks in advance.
>>>
>>>best regards
>>>
>>>
>>>
>>>>DAVID PIERROT
>>>>UNEDIC Maîtrise d'Oeuvre
>>>>* 5, avenue Jean Jaures - BP2 - 69551 FEYZIN Cedex
>>>
>>>msg : dpierrott at unedic.fr
>>>Tel. : 04-72-89-23-62
>>>
>>>
>>>
>>
>>--
>>Stephen Samuel +1(604)876-0426 samuel at bcgreen.com
>> http://www.bcgreen.com/~samuel/
>>Powerful committed communication, reaching through fear, uncertainty and
>>doubt to touch the jewel within each person and bring it to life.
>>
>
>
--
Stephen Samuel +1(604)876-0426 samuel at bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
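
The sequence described in the message above (a -c flag, the chroot, then chdir("/")), as an added example that is neither Stephen Samuel's patch nor OpenSSH code. The name enter_jail is hypothetical, and the privilege drop after the chroot is an assumption that goes beyond what the post describes.

```c
#define _DEFAULT_SOURCE               /* chroot(), setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to jail_dir.
 * Returns 0 on success, -1 on failure with errno set. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    if (jail_dir == NULL || jail_dir[0] != '/') {
        errno = EINVAL;               /* insist on an absolute path */
        return -1;
    }
    if (chroot(jail_dir) != 0)        /* requires root privilege */
        return -1;
    /* chroot() does not move the working directory; without this the
     * cwd can still refer to a directory outside the new root. */
    if (chdir("/") != 0)
        return -1;
    /* Assumption beyond the post: shed root, groups first, uid last. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Regaining root must now fail, or the drop did not take effect. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed usage: "-c <dir>" mirrors the flag named in the post. */
    if (argc == 3 && strcmp(argv[1], "-c") == 0) {
        if (enter_jail(argv[2], getuid(), getgid()) != 0) {
            perror("enter_jail");     /* fail closed: never serve unjailed */
            return 1;
        }
        /* The file-transfer service loop would start here. */
    }
    return 0;
}
```

Any failure is treated as fatal so the server never continues outside the jail.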