Re: OpenSSH Windows Security

Erik Naslund wrote:

My company has a requirement for secure file transfer. We are limited
to windows server 2003. I have successfully setup OpenSSH via cygwin on
this server.

The problem I am having is that I cannot seem to figure out how to
isolate users. They are permitted to travel up the directory structure
into the cygwin directories. Granted it is only read access, but how
can I lock them into their home directory?

You need to put them in a chroot jail. Don't know about Cygwin, but
instructions for doing this with OpenSSH in a "real" *nix environment
can be found here...

http://wiki.linuxquestions.org/wiki/OpenSSH_chrooting

OPenSSH really isn't the best choice if you just need to move files.
It is, as the name implies, a "shell" which needs certain things to
function. This makes chrooting users much more difficult.

.

Relevant Pages

  • Re: DC =?iso-8859-1?Q?hin=FCber_nach_=C4nderung_von_Privilegien?= =?iso-8859-1?Q?_(O
    ... >> Deinstallieren und Cygwin installieren. ... statt den administrativen Privilegien des OpenSSH Daemon. ... als ohne strict mode und ohne Privilege ...
    (microsoft.public.de.german.windows.server.general)
  • Re: Setting TCP filter access for SSH connection
    ... Depends on the ssh server you are using. ... If you are using Cygwin to ... provide you with openssh, then it now includes TCP Wrappers. ... Senior System Administrator - Web Infrastructure & Security ...
    (Security-Basics)
  • Broken DC due to changes regarding privileges (OpenSSH)
    ... I am trying to get OpenSSH working on a Windows Server 2003 with public key ... I am trying to get OpenSSH to work on both. ... create a token object as well as replacing process level tokens. ... create a user account, put him into the administrators group and give him the ...
    (microsoft.public.security)
  • Re: OpenSSH Windows Security
    ... The goal is to only allow SFTP/SCP access and to lock them into their ... home directories. ... I have successfully setup OpenSSH via cygwin on ...
    (alt.computer.security)
  • Re: Problem with tcsh?
    ... > in and tells me "tcsh: ... > I don't have cygwin on my computer. ... The packages of OpenSSH for Windows include ... Good judgement comes with experience. ...
    (comp.security.ssh)