Re: SFTP doesn't work with ChrootDirectory option set

[TheO <idgajelas at yahoo dot com>]

Actually my real objective is to use chroot for SFTP. I am planning to disable ssh login in the final configuration, I was using ssh just for testing the sshd capability for chrooting.



--- On Mon, 11/17/08, Eric Blake <ebb9@byu.net> wrote:

> From: Eric Blake <ebb9@byu.net>
> Subject: Re: SFTP doesn't work with ChrootDirectory option set
> To: cygwin@cygwin.com, idgajelas@yahoo.com
> Date: Monday, November 17, 2008, 9:33 PM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> According to TheO on 11/17/2008 2:24 PM:
> > Hi,
> > 
> > I have Cygwin with OpenSSH version 5.1p1-9 installed.
> > 
> > I managed to make ssh with chroot to work by using
> ChrootDirectory in sshd_config and copying /bin/bash to the
> chroot directory.
> 
> chroot on cygwin is NOT a security measure; it is just an
> emulation to
> ease porting.  The API exists, and allows cygwin apps to
> recognize a
> different root.  But the fact remains that you can spawn a
> non-cygwin
> program, which doesn't honor the chroot, and all files
> outside of the
> chroot area are once again accessible.  Therefore, if
> chroot doesn't add
> security, then why should ssh, which is all about security,
> even try to
> honor ChrootDirectory?
> 
> - --
> Don't work too hard, make some time for fun as well!
> 
> Eric Blake             ebb9@byu.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Public key at
> home.comcast.net/~ericblake/eblake.gpg
> Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkkiKZUACgkQ84KuGfSFAYDMIQCbBEepLUjJ240okbIMiNLMMkAy
> pTUAnRb+554LLKQMKNeZNB+2u7YjIXIG
> =50X0
> -----END PGP SIGNATURE-----


      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/