Adding a chroot-directory option per key in authorized_keys file
davidshlemayev at gmail.com
Sun Feb 23 04:40:43 AEDT 2020
I'm trying to create a temporary sftp "inbox", so users can share
files more easily.
To do that I want the sender to generate a temporary key pair, send me
the public key securely (perhaps over TLS or a trusted third party),
then I can add a line in authorized_keys like this:
Which allows only sftp access to the following key, chrooted to the
given directory (which is owned by root, created by a daemon/suid
binary/etc), which is /run/ssh-inbox/<UID>/<SHA256(pubkey)>/
My patch verifies that the key has restrict and
command="internal-sftp" set before accepting the key.
I tried to stick to the surrounding code style as much as I could, let
me know if I need to fix anything.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7119 bytes
Desc: not available
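
The check and the directory layout described in the message, sketched in Python as an added example; it is not the attached patch and not OpenSSH code. The function names, the constructed sample key, and the choice of the hex SHA-256 of the decoded key blob for the directory name are assumptions, and the proposed chroot option itself is left out because its syntax is not shown above.

```python
import base64
import hashlib

INBOX_ROOT = "/run/ssh-inbox"            # layout from the message
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # how key-type fields start

# Constructed sample: an all-zero ed25519-shaped blob, not a real key.
SAMPLE_BLOB = base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_LINE = f'restrict,command="internal-sftp" ssh-ed25519 {SAMPLE_BLOB} tmp'


def split_unquoted(text, seps):
    """Split text on any character in seps that is outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        parts.append(cur)
    return parts


def inbox_for_line(line, uid):
    """Return the inbox directory for an authorized_keys line, or None when
    the line lacks restrict or command="internal-sftp"."""
    fields = split_unquoted(line.strip(), " \t")
    if len(fields) < 3 or fields[0].startswith(KEY_PREFIXES):
        return None                      # no option field at all
    opts = {}
    for opt in split_unquoted(fields[0], ","):
        name, _, value = opt.partition("=")
        opts[name.lower()] = value.strip('"')
    if "restrict" not in opts or opts.get("command") != "internal-sftp":
        return None
    try:
        blob = base64.b64decode(fields[2], validate=True)
    except ValueError:
        return None                      # key field is not valid base64
    # Assumption: directory name is the hex SHA-256 of the decoded key blob.
    return f"{INBOX_ROOT}/{uid}/{hashlib.sha256(blob).hexdigest()}"


if __name__ == "__main__":
    print(inbox_for_line(SAMPLE_LINE, 1000))
```

The option field is split with quote awareness because a command="..." value may itself contain commas or spaces.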