ChrootDirectory on a per key basis
Damien Miller
djm at mindrot.org
Fri Oct 24 20:52:07 EST 2008
On Fri, 24 Oct 2008, Peter Stuge wrote:
> Teemu Ikonen wrote:
>
> > or even better, could a 'chrootdir' option be added to the
> > Authorized keys format?
>
> Yes. I think this will be the easiest to implement. Give it a shot.
> Infrastructure is in place also for passing a value from options in
> authorized_keys.
No, letting users chroot to arbitrary directories introduces
serious security problems. Think about hard-linking /bin/su into
a chroot on the same filesystem where an attacker has filled in
a friendly /etc/passwd.
-d
More information about the openssh-unix-dev
mailing list