Developers word on SFTP/SCP chroot'ing?

Mike Johnson mike at enoch.org
Tue Oct 22 14:28:18 EST 2002


Ben Lindstrom [mouring at etoh.eviladmin.org] wrote:
> 
> 
> You missed option 4, which most of the developers agree is the correct
> one.
> 
> Write a shell to handle whatever customized features you need.  I've seen
> one or two sftp/scp only shells floating around.  I'm sure they can be
> modified for your needs.

Here's one: http://www.pizzashack.org/rssh/

I've been pretty pleased with it.  Patched it to allow the user to run
sudo, and then let sudo take care of access.  

My opinion is just one from the peanut gallery, but I speak from
experience.  I started with a patched sshd that did the chroot, but this
became unmaintainable (it was based on an older patch) as new versions
of openssh were released.  Doing it in the shell is -much- easier from a
maintainability perspective.  It didn't really take much effort to make
rssh do what I wanted.

Mike
-- 
"Would you like to take advantage of wiretap Wednesdays?" -- Fed on Sealab 2021

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
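
The restricted-shell approach discussed in this thread, as an added example (not rssh's code and not part of the original message): sshd runs the account's login shell as `<shell> -c "<command>"`, so the shell can vet that string and exec only sftp-server or server-mode scp. The binary paths, the name `vet_command` and the permitted scp flag set are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SFTP_SERVER "/usr/libexec/sftp-server"  /* assumed install path */
#define SCP_BINARY  "/usr/bin/scp"              /* assumed install path */
#define MAX_ARGS 16

/* Split cmd in place into argv. Returns the binary to exec, or NULL to refuse. */
const char *vet_command(char *cmd, char **argv)
{
    int argc = 0, mode_seen = 0;
    /* The string never reaches a real shell, but refuse metacharacters anyway. */
    if (cmd == NULL || strpbrk(cmd, ";&|<>`$(){}*?\\\"'\n\r") != NULL)
        return NULL;
    for (char *tok = strtok(cmd, " "); tok != NULL; tok = strtok(NULL, " ")) {
        if (argc == MAX_ARGS - 1) return NULL;        /* too many arguments */
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    if (argc == 0) return NULL;           /* interactive login or empty command */
    if (argc == 1 && strcmp(argv[0], SFTP_SERVER) == 0)
        return SFTP_SERVER;               /* the sftp subsystem, no arguments */
    if (strcmp(argv[0], "scp") != 0) return NULL;
    /* scp: allow only server-mode flags; -S or -o would run other programs. */
    for (int i = 1; i < argc; i++) {
        if (argv[i][0] != '-') continue;  /* path operand */
        if (argv[i][1] == '\0' || argv[i][strspn(argv[i] + 1, "tfrpdv") + 1] != '\0')
            return NULL;                  /* any flag outside the allowed set */
        if (strpbrk(argv[i], "tf") != NULL)
            mode_seen = 1;                /* -t (sink) or -f (source) present */
    }
    return mode_seen ? SCP_BINARY : NULL; /* plain "scp src dst" is client use */
}

int main(int argc, char **argv)
{
    char *args[MAX_ARGS];
    const char *bin;
    /* sshd invokes the login shell as: <shell> -c "<command>" */
    if (argc != 3 || strcmp(argv[1], "-c") != 0 ||
        (bin = vet_command(argv[2], args)) == NULL) {
        fprintf(stderr, "This account is restricted to sftp and scp.\n");
        return 1;
    }
    execv(bin, args);                     /* fixed binary, never a shell */
    perror("execv");
    return 1;
}
```

The check is deliberately conservative: paths containing quotes or beginning with `-` are refused rather than parsed.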


More information about the openssh-unix-dev mailing list