[scponly] scponly chroot vs. Openssh forcecommand

Kaleb Pederson kibab at icehouse.net
Wed Dec 27 21:21:37 EST 2006


OpenSSH doesn't currently have the ability to chroot, although there is a 
patch that will allow it to chroot:

http://chrootssh.sourceforge.net/index.php

Hmm.... There is one thing that might work if OpenSSH allows spaces in 
the "ForceCommand" (and if not, you might be able to make a wrapper script):

Match User restricted-user
    ForceCommand chroot /path/to/chroot -s /usr/libexec/sftp-server

That's totally untested, but it might work.

If you try it, please post your results and let us know.

Thanks.

--Kaleb


On Tuesday 26 December 2006 20:18, Brian A. Davis wrote:
> Hey Folks,
>
> I saw a recent thread which introduced (to me anyway) the ForceCommand
> based on some new OpenSSH functionality, where you can force a user
> solely via OpenSSH to an sftp-only subsystem.
>
> To copy-paste the example given on the thread:
>
> Match User restricted-user
>     ForceCommand /usr/libexec/sftp-server
>
> Now, this is basically all I'm looking for, but I'm already running a
> chrooted scponly install. However, if I can get all the functionality
> out of OpenSSH, I'd like to remove scponly in the interest of keeping
> things simple.
>
> I don't need scp access, so I'm thinking the only reason for me to keep
> scponly is for the chroot.
>
> Does anyone know if I can chroot my users using the OpenSSH ForceCommand
> method? If not, I'll stick with the scponly setup I have.
>
> Thanks,
> Brian
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly


