Hello, Willy.

> Is there any chance of (work going on) implementing chroot in sshd?
> (At least when using only sftp).
> Like the ChRootGroups and ChRootUsers in ssh2 (sshd2_config).
> (Because I prefer using the sshd in base).

SFTP chroot support is easy but with a possible security flaw:

Apply the following patch at the following URL to sftp-server.c:

http://www.informatik.tu-cottbus.de/~cnoack/openbsd/

In order to make the chroot work, you need to suid sftp-server:

    -r-sr-xr-x 1 root bin 32768 May 17 2004 /usr/libexec/sftp-server

To enable chroot at SFTP for a user (no ssh interactive login then), alter
his user account to use the following properties:

- homedir: /folder/to/content/./
- shell: /usr/libexec/sftp-server

The /./ postfix is the indicator for sftp-server to chroot the user, all
other users without /./ are handled as usual.

Then the user can log in via SFTP and is chrooted to /folder/to/content.

Christian Noack
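
The account convention described in the message above, as an added C example; it is not the patch from the URL in the message and not OpenBSD's sftp-server code. It splits a home directory at the "/./" marker and shows one order of calls in which a setuid-root helper can enter the chroot and give up root permanently. The function names, and treating the part after "/./" as the directory to enter inside the chroot, are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1       /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Split "root/./sub" at the first "/./" marker (hypothetical helper).
 * Returns 1 when marked, 0 when there is no marker (ordinary account),
 * -1 when the entry is unusable. */
int split_chroot_home(const char *home, char *root, char *sub, size_t n)
{
    const char *m = strstr(home, "/./");
    if (m == NULL)
        return 0;
    size_t rlen = (size_t)(m - home);
    if (home[0] != '/' || rlen == 0 || rlen >= n)
        return -1;              /* relative path, "/" as jail, or too long */
    memcpy(root, home, rlen);
    root[rlen] = '\0';
    /* m + 2 keeps the '/' so sub is absolute inside the new root */
    if (snprintf(sub, n, "%s", m + 2) >= (int)n)
        return -1;
    return 1;
}

/* Enter the jail, then drop root for good. Needs euid 0 (setuid-root binary).
 * Every call is checked: an ignored failure leaves a root process unjailed. */
int enter_chroot_and_drop(const char *root, const char *sub, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0 || chdir("/") != 0)   /* chdir: do not keep a cwd outside */
        return -1;
    if (chdir(sub) != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)             /* root must not be regainable */
        return -1;
    return 0;
}

int main(void)
{
    char root[256], sub[256];   /* constructed sample: the homedir from the message */
    if (split_chroot_home("/folder/to/content/./", root, sub, sizeof root) == 1)
        printf("chroot=%s chdir=%s\n", root, sub);
    return 0;
}
```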