Re: Chrooting Openssh

From: bugtraq@t-swat.com
Date: 10/24/01


Message-Id: <5.1.0.14.2.20011023222554.00ae4a78@mailhost.t-swat.com>
Date: Tue, 23 Oct 2001 22:33:28 -0700
To: Charles Clancy <security@xauth.net>, focus-linux@lists.securityfocus.com
From: "bugtraq@t-swat.com" <bugtraq@t-swat.com>
Subject: Re: Chrooting Openssh

At 09:00 AM 22/10/2001, Charles Clancy wrote:
>On Sat, 20 Oct 2001, Postmaster wrote:
> > Does anybody know how to chroot the openssh service?
>
>Generally chroot defeats the purpose of OpenSSH. With
>OpenSSH/SSH/Telnet/rsh/etc, you want to be able to log in and use the
>system. For administrative purposes, it would be useless if root didn't
>have access to the file system. You might as well just shut off OpenSSH
>completely. If you're in a chroot-jail, there's not much you can
>administer except the OpenSSH daemon.

Personally, I find that there ARE times when I want the ability to provide
a chrooted SSH session.

One such example is providing a secure tunnel for port 1521 on the remote
box, without any other access to the machine at all. I can provide the
username/password into the chrooted environment thereby allowing the
tunnelled connection to be created.

This is the quick and dirty way I've handled this, but if someone has a
better way, I'd love to hear about it.

...jeff
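
A tunnel-only account of the kind described in the message above, written with `sshd_config` directives from current OpenSSH releases, which postdate this 2001 post. This is an added example, not the poster's own setup; the user name `oratunnel`, the chroot path and the loopback target are assumptions.

```conf
# /etc/ssh/sshd_config fragment (added example; account name and paths are hypothetical)
# Goal: "oratunnel" can authenticate and forward to port 1521, and do nothing else.

Match User oratunnel
    # Confine the account to an empty directory. Every component of this path
    # must be a root-owned directory that is not writable by group or others.
    ChrootDirectory /var/empty/oratunnel

    # Permit only client-initiated (-L) forwards, and only to the 1521 listener.
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:1521

    # Refuse everything that is not the forward itself.
    ForceCommand /bin/false
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    GatewayPorts no

# Client side, no remote command requested (-N):
#   ssh -N -L 1521:127.0.0.1:1521 oratunnel@remote-box
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.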


