SFTP chroot: Writable root

Dr. Nagy Elemér Kár oly eknagy at omikk.bme.hu
Wed Jan 10 05:10:35 AEDT 2018


Dear OpenSSH Developers,

I believe that many admins would appreciate a functionality similar to the Apache HTTP Server's "DocumentRoot" in SFTP.

I am sure many admins did and will try to use chroot instead as the "close enough match, should work" solution - opening 
up multiple cans of worms.

OpenSSH does not *need* DocumentRoot. But I think it would greatly ease the work of overloaded admins and it could 
increase security by reducing the number of ill-configured SFTP servers.

I would gladly implement this functionality if somebody is willing to sponsor me in integrate it in the next portable 
OpenSSH release. I am unmotivated to move forward without a sponsor as my previous patch [1] is ready for integration for 
many weeks and I got no reply for my requests, not even a "No, stupid.".

Best wishes:
Elmar 

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=1844

> ... or at least nothing I would expect. ...



More information about the openssh-unix-dev mailing list