the commercial ssh server has an option to chroot to a user's home directory. there are patches available to openssh to do it also, though i don't know if they've been thoroughly audited. check out http://mail.incredimail.com/howto/openssh/ you can make sftp-server the user's shell to only allow sftp access.
xn On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote: > I've been playing around with the scp and sftp components of putty and > noticed what I consider a security hole. Winscp does the same thing. > The user can change to directories above their home. Is there a way to > chroot them like you can in an ftp config file? I don't see anything in > the sshd config files. If you can't, how can I disable the scp > functionality? I'm not talking about scp from the linux box. The users > don't have shell access so that's not a problem. I'm referring to > remote people using a scp client to access my linux machine. You can > disable sftp ability by removing the sftp-server program but the scp > server part seems to be part of sshd. > > I did not see anything about this issue on the openssh web site. > Anybody got any suggestions? > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
