Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Dev

sftp chroot

  

 
OpenSSH dev RSS feed   Index | Next | Previous | View Threaded


021231 at wheeler

Sep 20, 2002, 5:15 PM

Post #1 of 5 (1389 views)
Permalink
sftp chroot
Hi all:

I'm looking to chroot sftp; but not chroot ssh sessions. I came across
some info that said this is possible.

But after searching this list's archives and Google, I was rather confused
about the different patches for chrooting, and couldn't find anything that
appeared to only chroot sftp.

Is such a patch available? Can someone point me in the right direction?

Erik


philip at paeps

Sep 21, 2002, 4:25 AM

Post #2 of 5 (1342 views)
Permalink
Re: sftp chroot [In reply to]
On 2002-09-20 21:15:48 (-0400), Erik Wheeler <021231 [at] wheeler> wrote:
> I'm looking to chroot sftp; but not chroot ssh sessions. I came across
> some info that said this is possible.

I've also been looking for a solution like this. I'd like to be able to
chroot sftp and scp connections.

To date, I've only found the scponly shell, which can be chrooted, but it's a
lot of hassle. I don't like having to use the 'commercial' ssh for this :-(

> But after searching this list's archives and Google, I was rather confused
> about the different patches for chrooting, and couldn't find anything that
> appeared to only chroot sftp.

It's a bit 'hazy' to me as well. Any pointers to documentation and patches
would be very helpful.

[...]

- Philip

--
Philip Paeps Please don't CC me, I am
philip [at] paeps subscribed to the list.

BOFH Excuse #7:
poor power conditioning


Jefferson.Ogata at noaa

Nov 17, 2009, 6:42 PM

Post #3 of 5 (1336 views)
Permalink
Re: SFTP Chroot [In reply to]
On 2009-11-18 02:30, lattera wrote:
> Why should all the directory tree be root-owned and have that set of
> permissions? This is preventing me from setting the chroot to /home/<user>
> and be done with it, like that wiki article suggests. If there is no
> security concern, I would like to remove the offending code (the for loop).
> I will probably do this anyways for the project I'm working on, but I am
> unsure if the public as a whole could benefit from such a change.

http://lists.mindrot.org/pipermail/openssh-unix-dev/2009-May/027651.html

https://bugzilla.redhat.com/show_bug.cgi?id=522141

--
Jefferson Ogata <Jefferson.Ogata [at] noaa>
NOAA Computer Incident Response Team (N-CIRT) <ncirt [at] noaa>
"Never try to retrieve anything from a bear."--National Park Service
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


peter at stuge

Jul 14, 2010, 2:06 PM

Post #4 of 5 (942 views)
Permalink
Re: SFTP Chroot [In reply to]
Luis Ortíz Silva wrote:
> I tried to deploy a SFTP server with chroot but when i tried to
> connnect the client send the next error:
>
> Write failed: Broken pipe
> Couldn't read packet: Connection reset by peer
>
> The sshd_conf file is the next:
..
> -------------------------------------------------
>
> Please a need help beacuse this server is urgent for the
> enterprise. I don't know what a need to do.

Either climb the learning curve and fix the problem yourself, or hire
someone else who does know what they need to do.

In any case, if you want to get help from anyone, then you must
provide them with much more detail than you sent to the mailing list.

Did you run the server in debug mode and look at the output? I am
fairly confident that there will be some information about the
problem there. If you can not analyze it yourself then I suggest that
you send it to the mailing list.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


ijbgreen at gmail

Jul 20, 2010, 11:19 AM

Post #5 of 5 (919 views)
Permalink
Re: SFTP Chroot [In reply to]
I did run the server in debug mode but i can't see anything unusual.

But let me try to found somthing that can provied me a clue for this issue.

2010/7/14 Peter Stuge <peter [at] stuge>

> Luis Ortíz Silva wrote:
> > I tried to deploy a SFTP server with chroot but when i tried to
> > connnect the client send the next error:
> >
> > Write failed: Broken pipe
> > Couldn't read packet: Connection reset by peer
> >
> > The sshd_conf file is the next:
> ..
> > -------------------------------------------------
> >
> > Please a need help beacuse this server is urgent for the
> > enterprise. I don't know what a need to do.
>
> Either climb the learning curve and fix the problem yourself, or hire
> someone else who does know what they need to do.
>
> In any case, if you want to get help from anyone, then you must
> provide them with much more detail than you sent to the mailing list.
>
> Did you run the server in debug mode and look at the output? I am
> fairly confident that there will be some information about the
> problem there. If you can not analyze it yourself then I suggest that
> you send it to the mailing list.
>
>
> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev [at] mindrot
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

OpenSSH dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.