chroot + ssh concerns
Lev Lvovsky
lists1 at sonous.com
Wed Dec 31 12:30:45 EST 2003
Hello,

I'm new to the list, but hopefully I've done enough digging around that
I don't get yelled at too terribly ;)

We're looking to implement a chrooted environment for allowing users to
scp files from servers. That's basically the only functionality that
we need in this case. We're looking to chroot the user and/or remove
any chance that the account can login via ssh or local to the machine
and run any commands. Essentially the idea is to create a dump/pickup
directory on the machines in question.

In looking around, it seems that chroot has come up on this list
several times, and has been discussed ad nauseam on usenet. In looking
at the archives, it seems that the patch for this has been removed from
the contrib section of the ssh source.

While patches for chrooted ssh exist (chrootssh comes to mind), I've
also read the discussion here:

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102163541912823&w=2

and am curious to get this group's take on possible solutions.

1. does anyone have recommendations/warnings about applying the
securessh patch? The two main problems I see are code auditing
(which, while I understand C, I don't know the ssh source well enough
to understand the patch), as well as waiting on patches to newly
announced vulnerabilities.

2. the other options that we have for this are "restricted bash"
(rbash), and the "scponly" shell - does anyone have any comments on
either of those two as more (or less) recommended than the chrootssh
patch?

any other words of wisdom are very much appreciated!

thanks,
-lev