Feature request/RFC: sftp-chroot authorized_keys option

Andreas Rottmann mail at rotty.xx.vu
Wed Jul 22 08:29:17 AEST 2015 

Hi!

[ If this is the wrong mailing list for such requests, please apologize
  and direct me to the right one ]

Since I have a particular use case for it[0], I wonder if it would be
possible to implement a key based (i.e. configured via
~/.ssh/authorized_keys option) restriction to allow sftp access to a
specific directory only. I'm aware that I can restrict a specific key to
use sftp only using 'command="internal-sftp"', but I want to impose an
additional restriction to a specific directory, e.g. by adding
'sftp-chroot="/some/directory"'. This is already possible on a per-user
basis in sshd_config using ChrootDirectory, but my question is:

- Would it be possible to implement this feature on a per-key basis
  within the current architecture of OpenSSH (i.e. without major tweaks
  to the codebase)?
- If so, is this a feature that would be considered worthwhile enough to
  be considered for inclusion, should someone step up and provide a
  reasonable implementation?

If the answer is no to either of the above questions, I'd like to hear
that reasoning of well, of course.

If that feature is deemed both implementable (without affecting the
OpenSSH architecture) and worthwhile, I might try my hand at it,
although note that I'm both a newbie to the OpenSSH project's
development, and would do this in my spare time, thus it'd probably take
a while, and require (quite?) a bit of steering/review.

If anyone has ideas (e.g. areas of code that would require changes) of
how that feature can/should be implemented, or would like to implement
it themselves, I'm all ears :-).


[0] For the specific use case I mentioned: I'd like for my mobile device
    to have SFTP access, restricted to a specific directory on my
    server. It should have access using my regular account, such that
    access permissions between my regular shell account and the files
    created by the mobile device are compatible.

    Currently I solve this use case using a combination of access via
    WebDAV and POSIX ACLs, but I'd prefer an SSH-based solution for its
    stronger authentication/crypto, not requiring ACLs, and avoiding
    UIDs differing between files created by the WebDAV httpd and the
    shell account.

Regards, Rotty
-- 
Andreas Rottmann -- <http://rotty.xx.vu/>

More information about the openssh-unix-dev mailing list