chroot + ssh concerns

Asif Iqbal iqbala at
Wed Dec 31 16:09:01 EST 2003

Lev Lvovsky wrote:
> Hello,
> I'm new to the list, but hopefully I've done enough digging around that 
> I don't get yelled at too terribly ;)
> We're looking to implement a chrooted environment for allowing users to 
> scp files from servers.  That's basically the only functionality that 
> we need in this case.  We're looking to chroot the user and/or remove 
> any chance that the account can login via ssh or local to the machine 
> and run any commands.  Essentially the idea is to create a dump/pickup 
> directory on the machines in question.
> In looking around, it seems that chroot has come up on this list 
> several times, and has been discussed ad nauseam on usenet.  In looking 
> at the archives, it seems that the patch for this has been removed from 
> the contrib section of the ssh source.
> While patches for chrooted ssh exist (chrootssh comes to mind), I've 
> also read the discussion here:
> and am curious to get this group's take on possible solutions.
> 1.  does anyone have recommendations/warnings about applying the 
> securessh patch?  The two main problems I see are code auditing 
> (which, while I understand C, I don't know the ssh source well enough 
> to understand the patch), as well as waiting on patches to newly 
> announced vulnerabilities.
> 2.  the other options that we have for this are "restricted bash" 
> (rbash), and the "scponly" shell - does anyone have any comments on 
> either of those two as more (or less) recommended than the chrootssh 
> patch?
> any other words of wisdom are very much appreciated!
> thanks,
> -lev
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Check this out

Same guy who wrote qmail

Asif Iqbal
There's no place like
