Re: Chrooting Openssh

From: bugtraq@t-swat.com
Date: 10/24/01

• Previous message: Pekka Aleksi Knuutila: "Re: Building up a shell service."
• In reply to: Charles Clancy: "Re: Chrooting Openssh"
• Next in thread: Charles Clancy: "Re: Chrooting Openssh"
• Next in thread: Bennett Todd: "Re: Chrooting Openssh"
• Reply: Charles Clancy: "Re: Chrooting Openssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-Id: <5.1.0.14.2.20011023222554.00ae4a78@mailhost.t-swat.com>
Date: Tue, 23 Oct 2001 22:33:28 -0700
To: Charles Clancy <security@xauth.net>, focus-linux@lists.securityfocus.com
From: "bugtraq@t-swat.com" <bugtraq@t-swat.com>
Subject: Re: Chrooting Openssh

At 09:00 AM 22/10/2001, Charles Clancy wrote:
>On Sat, 20 Oct 2001, Postmaster wrote:
> > Does any body know to chroot openssh service ?
>
>Generally chroot defeats the purpose of OpenSSH. With
>OpenSSH/SSH/Telnet/rsh/etc, you want to be able to log in and use the
>system. For administrative purposes, it would be useless if root didn't
>have access to the file system. You might as well just shut off OpenSSH
>completely. If you're in a chroot-jail, there's not much you can
>administer except the OpenSSH daemon.

Personally, I find that there ARE times when I want the ability to provide
a chrooted SSH session.

One such example is providing a secure tunnel for port 1521 on the remote
box, without any other access to the machine at all. I can provide the
username/password into the chrooted environment thereby allowing the
tunnelled connection to be created.

This is the quick and dirty way I've handled this, but if someone has a
better way, I'd love to hear about it.

...jeff

---

• Previous message: Pekka Aleksi Knuutila: "Re: Building up a shell service."
• In reply to: Charles Clancy: "Re: Chrooting Openssh"
• Next in thread: Charles Clancy: "Re: Chrooting Openssh"
• Next in thread: Bennett Todd: "Re: Chrooting Openssh"
• Reply: Charles Clancy: "Re: Chrooting Openssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: P.S. - RE: [redhat-list] updates pending question ... I found an article titled ' can I set up sftp to chroot only ... likely RHEL 5. ... a newer version of openssh. ... And if sshd isn't running your faculty won't be able to login. ... (RedHat) RE: P.S. - RE: [redhat-list] updates pending question ... I found an article titled ' can I set up sftp to chroot only ... likely RHEL 5. ... a newer version of openssh. ... And if sshd isn't running your faculty won't be able to login. ... (RedHat) Re: sftp server with chrootdirectory setup ... After the confusing and limited 'chroot' utilities of PrivSep, which actively destabilized OpenSSH on many systems and provided no user-visible difference, the successful use of such a working chroot capability is a good thing. ... This was a problem for many years, and I'm delighted to see the features made available in this apparently effective fashion. ... (comp.security.ssh) Re: sftp server with speed throttling ... configuration work or pass sftp traffic through PF and throttle it ... Only OpenSSH alternative I use sometimes is ... would like to use SSH for the connections, as opposed to FTP, but I ... directives to chroot the groupand/or userthat are to have ... (freebsd-questions) Re: is there a market waiting to be discovered? ... Currently I am interested in chroot feature and it ... > be lots of patches for openssh but it looks like a mess out there. ... > not just chroot but there could well be other features in ssh.com ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-linux  > 2001-10