ChrootDirectory on a per key basis

Teemu Ikonen tpikonen at
Mon Oct 27 03:06:45 EST 2008

Damien Miller wrote:
 > No, letting users chroot to arbitrary directories introduces
 > serious security problems. Think about hard-linking /bin/su into
 > a chroot on the same filesystem where an attacker has filled in
 > a friendly /etc/passwd.

OK, so adding chrootdir option to authorized keys is a bad idea.

Another way to achieve my objective, which is additional sftp file 
access restrictions to connections authorized with certain keys, would 
be to modify sftp-server to accept a directory parameter. The 
authorized_keys could then have 'command="sftp-server -d 
/home/user/stuff"' option to restrict access to /home/user/stuff.

Could this be made secure so that if an attacker has a copy of the 
(passwordless) private key, he would not be able to access files outside 
the given directory?


More information about the openssh-unix-dev mailing list