[scponly] scponly with internal-sftp

Whit Blauvelt whit at transpect.com
Tue Jun 16 20:00:05 EDT 2009


Just a note that scponly will work for sftp in combination with OpenSSH's
internal-sftp option without doing the OpenSSH "match group" step, and
without having to have any files within the chroot other than etc/passwd. As
for steps, instead of adding the user to the group, it's creating the
etc/passwd within their directory, so that's about an even amount of work.

Whether this is more or less secure than the pure OpenSSH way of doing an
sftp chroot I just plain don't know. Is it like a belt and suspenders - more
protection - or is it just having two potential sets of vulnerabilities?

Whit
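
For reference, this is the stock OpenSSH form of the "match group" step that the message says can be skipped. It is an added example, not part of the original message, and the group name `sftponly` is an assumption:

```sshd_config
# /etc/ssh/sshd_config (fragment)

# Serve SFTP from inside sshd itself, so no sftp-server binary
# or supporting libraries are needed inside the chroot.
Subsystem sftp internal-sftp

# Applies only to members of the (assumed) group "sftponly".
Match Group sftponly
    # %h expands to the user's home directory. sshd refuses the
    # login unless every component of this path is owned by root
    # and not writable by group or others.
    ChrootDirectory %h
    # Ignore whatever command or shell the client asks for and
    # run the in-process SFTP server only.
    ForceCommand internal-sftp
    # Close the side channels an SFTP-only account does not need.
    AllowTcpForwarding no
    X11Forwarding no
```

After editing, `sshd -t` checks the file for syntax errors before the daemon is reloaded.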


