Suggestion for openssh
Ben Lindstrom
mouring at offwriting.org
Thu Feb 9 01:11:03 EST 2012
On Feb 8, 2012, at 1:21 AM, John Olsson M wrote:
> Ben Lindstrom wrote:
>> It would be more useful to allow "Subsystem" be allowed in a
>> 'Match' section and ensure 'Subsystem sftp none' or such to
>> remove it from the user's valid subsystem support.
>
> I'm strongly in favor of such an enhancement of OpenSSH. This would also allow for setting a chroot jail per individual subsystem. E.g. sftp chroot:ed but not ssh. :)
>
> See also https://bugzilla.mindrot.org/show_bug.cgi?id=1975
Completely a different thing then what was being discussed. What was being discussed was allowing say:
Match User mouring
Subsystem sftp none
Subsystem custom /usr/local/bin/custome_subsystem
Not a "Match Subsystem ..."
- Ben
More information about the openssh-unix-dev
mailing list