ric.castellani at alice
Feb 27, 2011, 10:58 AM
Post #3 of 4
Is there no possibility to implement this mechanism?
Re: Chroot: sshd bug ? user redirects to root folder.
----- Original Message -----
From: "Dennis Nasarov" <nasarov [at] gmail>
To: "Riccardo Castellani" <ric.castellani [at] alice>
Cc: <secureshell [at] securityfocus>
Sent: Sunday, February 27, 2011 6:45 PM
Subject: Re: Chroot: sshd bug ? user redirects to root folder.
On Feb 27, 2011, at 5:21 PM, Riccardo Castellani wrote:
> I installed openssh-5.6p1 on my Fedora server and I run this service
> in chroot mode.
> I think I have found a BUG in this package, specifically in sshd:
> if a remote user tries to connect to this service and his home directory
> is inaccessible because it doesn't have the right permissions (the owner's
> execute permission is missing, or the home directory is missing), he lands
> automatically in the root folder of the chroot.
It's not a bug, it's a feature ;) (c)
> I think sshd should deny this login, or at least sshd_config should
> contain an option to set this specific behaviour; for example, in
> Fedora distributions there is a "DEFAULT_HOME" option in the /etc/login.defs
> file to permit this behavior.
> Yes, it's true, I can restrict access to specific users or use a PAM module,
> but for security reasons I need to make sure myself that access is restricted
> ONLY to the user's home folder.
> I could also use PAM modules, but only pam_mkhomedir.so is available,
> which creates the home folder if it does not exist; I need
> pam_homecheck.so, but it's available only as a package for OpenSuse.
> Suggestions?
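The condition described in the thread can be audited ahead of time. The script below is an added example, not part of the original messages and not OpenSSH or PAM code: it reads a passwd-format file and reports accounts whose home directory, resolved inside the chroot, is missing or lacks the owner's execute bit. The function name `audit_homes`, the reason labels and the paths passed to it are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of OpenSSH or PAM).
# audit_homes PASSWD_FILE CHROOT_DIR
# Prints "<user>:<reason>" for every account whose home directory, resolved
# inside CHROOT_DIR, is missing or lacks the owner's execute (search) bit.
# It inspects the mode bits rather than using `test -x`, because `test -x`
# succeeds for root regardless of the directory's mode.
audit_homes() {
    passwd_file=$1
    chroot_dir=${2%/}            # drop a trailing slash
    while IFS=: read -r user pw uid gid gecos home shell || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -z "$home" ]; then
            echo "$user:no-home-field"
            continue
        fi
        path=$chroot_dir$home
        if [ ! -d "$path" ]; then
            echo "$user:missing"                  # absent or not a directory
            continue
        fi
        # Character 4 of the `ls -ld` mode string is the owner's execute bit:
        # 'x' or 's' means set, '-' or 'S' means clear.
        bit=$(ls -ld "$path" | cut -c4)
        case $bit in
            x|s) ;;
            *) echo "$user:no-owner-execute" ;;
        esac
    done < "$passwd_file"
}

# Run as: sh audit_homes.sh /path/to/chroot/etc/passwd /path/to/chroot
if [ "$#" -eq 2 ]; then
    audit_homes "$1" "$2"
fi
```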