Re: Chrooting Openssh

Date: 10/22/01

Subject: Re: Chrooting Openssh 
Date: Mon, 22 Oct 2001 14:06:51 -0700
> On Sat, 20 Oct 2001, Postmaster wrote:
> > Does anybody know how to chroot openssh service?
> Generally chroot defeats the purpose of OpenSSH.

Not necessarily - it depends on your policy. If all administration is to be
done locally and all remote users should be isolated from the real system,
then this is a valid mechanism. This would be useful for securing a system
like SourceForge that provides accounts to every Tom, Dick and Sally from the
Internet, such that they can compile on different platforms.

I should also note that it's bad practice to allow root to log in directly via
ssh. 'Tis much better to require the admin to ssh to a user account and su from
there, although that scheme will not work if SSH is chroot'ed either.


