keypair auth and limiting access to sftp

Markus Friedl markus at openbsd.org
Wed Sep 19 17:41:57 EST 2001


On Wed, Sep 19, 2001 at 02:17:31AM -0400, James Ralston wrote:
> On Tue, 18 Sep 2001, Markus Friedl wrote:
> 
> > On Mon, Sep 17, 2001 at 05:06:42PM -0400, James Ralston wrote:
> >
> > > Making sftp inaccessable to chroot'ed accounts is certainly one
> > > way to prevent chroot'ed accounts from using sftp to break out of
> > > their chroot jails, yes.
> >
> > how is this related to command="xxx" ?
> 
> It isn't, really; Peter was addressing a different issue (that sftp
> bypassed command="xxx" restrictions)...

well, openssh never claimed that command="xx" applies to subsystems.



More information about the openssh-unix-dev mailing list