Re: Chrooting OpensshFrom: Zow (firstname.lastname@example.org)
- Previous message: Charles Clancy: "Re: Chrooting Openssh"
- Maybe in reply to: Postmaster: "Chrooting Openssh"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200110222106.OAA05464@smtp-1.llnl.gov> To: Charles Clancy <email@example.com> Subject: Re: Chrooting Openssh Date: Mon, 22 Oct 2001 14:06:51 -0700 From: "Zow" Terry Brugger <firstname.lastname@example.org>
> On Sat, 20 Oct 2001, Postmaster wrote:
> > Does any body know to chroot openssh service ?
> Generally chroot defeats the purpose of OpenSSH.
Not necessarily - it depends on your policy. If all administration is to be
done locally and all remote users should be isolated from the real system,
then this is a valid mechanism. This would be useful for securing a system
like SourceForge that provides accounts to every Tom, Dick and Sally from the
Internet, such that they can compile on different platforms.
I should also note that it's bad practice to allow root to login directly via
ssh. Tis much better to require the admin to ssh to a user account and su from
there, although that scheme will not work if SSH is chroot'ed either.