Actually my real objective is to use chroot for SFTP. I am planning to disable ssh login in the final configuration, I was using ssh just for testing the sshd capability for chrooting.
--- On Mon, 11/17/08, Eric Blake <[EMAIL PROTECTED]> wrote: > From: Eric Blake <[EMAIL PROTECTED]> > Subject: Re: SFTP doesn't work with ChrootDirectory option set > To: cygwin@cygwin.com, [EMAIL PROTECTED] > Date: Monday, November 17, 2008, 9:33 PM > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > According to TheO on 11/17/2008 2:24 PM: > > Hi, > > > > I have Cygwin with OpenSSH version 5.1p1-9 installed. > > > > I managed to make ssh with chroot to work by using > ChrootDirectory in sshd_config and copying /bin/bash to the > chroot directory. > > chroot on cygwin is NOT a security measure; it is just an > emulation to > ease porting. The API exists, and allows cygwin apps to > recognize a > different root. But the fact remains that you can spawn a > non-cygwin > program, which doesn't honor the chroot, and all files > outside of the > chroot area are once again accessible. Therefore, if > chroot doesn't add > security, then why should ssh, which is all about security, > even try to > honor ChrootDirectory? > > - -- > Don't work too hard, make some time for fun as well! > > Eric Blake [EMAIL PROTECTED] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (Cygwin) > Comment: Public key at > home.comcast.net/~ericblake/eblake.gpg > Comment: Using GnuPG with Mozilla - > http://enigmail.mozdev.org > > iEYEARECAAYFAkkiKZUACgkQ84KuGfSFAYDMIQCbBEepLUjJ240okbIMiNLMMkAy > pTUAnRb+554LLKQMKNeZNB+2u7YjIXIG > =50X0 > -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
