Feature Request: Chroot Default Shell Escape

Konstantinos Pipinis k.s.pipinis at gmail.com
Wed Jan 20 22:10:40 AEDT 2021

Dear developers,

The SSH daemon allows sftp connections (through internal-sftp) to a chroot
directory for specific users or groups. This prevents them from having
access with a regular ssh connection to their default terminal (as it
should prevent).
Yet, there are cases (as I had the need to implement) where a custom shell
(eg: used for system configurations) is provided for some users while
simultaneously the users had access only to their designated folder using
the chroot-sftp functionality (in order to download or upload configuration
files and logs).

I would suggest the option for the default shell (as set in passwd) to
escape chroot and execute as normal.

Thank you for your time and consideration. And of course for the amazing
project that is openssh.

Best regards,
Pipinis Konstantinos

PS: This is something I have already implemented and could implement for
the mainstream OpenSSH source.

More information about the openssh-unix-dev mailing list