Re: OpenSSH & ChRoot

From: Darren Tucker (
Date: 05/22/05

    Date: Sun, 22 May 2005 22:45:25 +1000
    To: Richard Secor <>

    Richard Secor wrote:
    [sshd and chroots]
    > I'm sure someone will try and explain to me why I don't need to ChRoot
    > in SSH, but I want to do it, and with SSH I can. That should be enough
    > to find out how to do it with OpenSSH (otherwise I'm stuck with SSH,
    > until something comes along)

    Stock OpenSSH doesn't have a native chroot capability (not sure about
    FreeBSD's but I suspect it doesn't either), however if FreeBSD has
    pam_chroot then that ought to work (it did on Linux last time I tried it).

    Darren Tucker (dtucker at
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
         Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
