[scponly] scponly with internal-sftp
Whit Blauvelt
whit at transpect.com
Tue Jun 16 20:00:05 EDT 2009
Just a note that scponly will work for sftp in combination with OpenSSH's
internal-sftp option without doing the OpenSSH "match group" step, and
without having to have any files within the chroot other than etc/passwd. As
for steps, instead of adding the user to the group, it's creating the
etc/passwd within their directory, so that's about an even amount of work.
Whether this is more or less secure than the pure OpenSSH way of doing an
sftp chroot I just plain don't know. Is it like a belt and suspenders - more
protection - or is it just having two potential sets of vulnerabilities?
Whit
More information about the scponly
mailing list