[scponly] .ssh

Charles Fry scponly at frogcircus.org
Tue Feb 10 16:48:23 EST 2004


My copy of setup_chroot.sh contains the warning:

"Next we need to set the home directory for this scponly user.
please note that the user's home directory MUST NOT be writeable
by the scponly user.  this is important so that the scponly user
cannot subvert the .ssh configuration parameters.

"for this reason, a writeable subdirectory will be created that
the scponly user can write into."

Can someone please explain how this could be a security vulnerability? I
used scpjailer, and it doesn't seem to create any .ssh configuration
parameters.

thanks,
Charles

-- 
Candidate says
Campaign
Confusing
Babies kiss me
Since I've been using
Burma-Shave
http://frogcircus.org/burmashave/1950/candidate_says



More information about the scponly mailing list