OpenSSH & ChRoot

• Previous message: Ryan Barrett: "workarounds for Host param not canonicalizing?"
• Next in thread: Darren Tucker: "Re: OpenSSH & ChRoot"
• Reply: Darren Tucker: "Re: OpenSSH & ChRoot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: secureshell@securityfocus.com
Date: Fri, 20 May 2005 15:15:31 -0400

I've been using SSH 3.2.9.1 from ssh.org/ssh.com for quite awhile now.

Since FreeBSD uses OpenSSH as part of the install I figured I might
move over to it.

However, it seems there may be some issues with what OpenSSH can or
more accurately cannot do over what SSH 3.2.9.1 can/could do.

With SSH I can do have a "ChRootUser" configuration line in my
sshd2_config, however there does not seem to be an easy way of
getting the same result from OpenSSH.

Before I get asked why I would want this....
I would like to give my customers the option of having Shell access
to the server without having to "jail" everything.
And I do not want them poking around (whether everything is tied up
or not is not the issue, however, piece of mind is).

I'm sure someone will try and explain to me why I don't need to
ChRoot in SSH, but I want to do it, and with SSH I can. That should
be enough to find out how to do it with OpenSSH (otherwise I'm stuck
with SSH, until something comes along)

As an additional note I'm a little reluctant to use the available
openssh-chroot patch at sourceforge as it seems to implement some
strange way of doing chroot "./../home/$USER" or something like that
instead of just leaving "/home/$USER" and it using that for the chroot.

Please make sure my E-Mail Address is in the To, CC or BCC field as I
have not subscribed to the discussion list.

Thanks,
Richard Secor
rsecor@seqlogic.com

• Previous message: Ryan Barrett: "workarounds for Host param not canonicalizing?"
• Next in thread: Darren Tucker: "Re: OpenSSH & ChRoot"
• Reply: Darren Tucker: "Re: OpenSSH & ChRoot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]