This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Finally managed to create a jailed SFTP server, but how secure?


On 12/01/2008, TheO wrote:
> According to my observation, regardless of his authentication (public key or password), he can only see a limited number of directories within the jail environment. The only directory which is virtually added by Cygwin during his login, and therefore beyond my control, is /cygdrive. Luckily enough for me, it is empty, so in my opinion the user can't traverse my hard disk.

If you're happy with the results, that's fine. However, you asked how secure SFTP was. The answer is as I've said. Cygwin is not the O/S. It cannot enforce restrictions on the O/S. Only the O/S can restrict or grant access to users.

I have not attempted to set up a jailed SFTP environment on Cygwin.  It
may be that what you've done hems the user into the area you want when
he/she is using Cygwin tools.  However, this does not restrict the user
with Windows native tools.  If he/she is able to leverage those inside
the jail, then the user has the keys he/she wants to get out.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
