Josh Grosse wrote:
A new sftp chroot restriction environment is now available in -current; you
may find the discussion at the OpenBSD Journal helpful:
http://undeadly.org/cgi?action=article&sid=20080220110039
1) What is the timeline for completely dropping scp?
2) ChrootDirectory and similar features in sshd_config are great.
DenyGroups and AllowGroups were ones that I had really wanted.
Along those lines, the example given in the undeadly article above applies
access controls at the user level. Applying them at the group level is
often considered more maintainable and scalable. The example from the
article would look like this instead:
    Match group uploaders
        ForceCommand internal-sftp
        ChrootDirectory /chroot
Where user djm is a member of the group uploaders.
Regards,
-Lars
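
Added example, not part of the original message or of OpenSSH: a small Python audit that parses the Match blocks of an sshd_config, resolves which users a group-based block like the one above confines to a chrooted internal-sftp, and reports blocks that set ChrootDirectory without forcing internal-sftp. The sample config, the user "alice", the "guest" block and all function names are constructed for illustration; the pattern matching is an approximation of OpenSSH's pattern lists.

```python
import re

# Constructed sample: the group block from the message, plus a per-user block
# without ForceCommand so the audit has something to report.
SAMPLE = """\
Match Group uploaders
    ForceCommand internal-sftp
    ChrootDirectory /chroot
Match User guest
    ChrootDirectory /chroot
"""
MEMBERS = {"djm": ["djm", "uploaders"], "alice": ["alice", "wheel"]}  # constructed

def parse_match_blocks(text):
    """Return [(criteria, settings)] per Match block, keywords lowercased."""
    blocks = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            tok = value.split()
            blocks.append((dict(zip(map(str.lower, tok[0::2]), tok[1::2])), {}))
        elif blocks:
            blocks[-1][1].setdefault(key.lower(), value)  # first value wins
    return blocks

def group_match(patterns, groups):
    """OpenSSH-style pattern list: '*' and '?' wildcards; a '!' hit vetoes."""
    hit = False
    for pat in patterns.split(","):
        neg = pat.startswith("!")
        rx = re.escape(pat[neg:]).replace(r"\*", ".*").replace(r"\?", ".")
        if any(re.fullmatch(rx, g) for g in groups):
            if neg:
                return False
            hit = True
    return hit

def confined_users(text, members):
    """Users hit by a Group-only block forcing internal-sftp in a chroot.
    Simplification: each block is judged alone; global settings are ignored."""
    ok = [c["group"] for c, s in parse_match_blocks(text) if set(c) == {"group"}
          and s.get("forcecommand") == "internal-sftp" and "chrootdirectory" in s]
    return sorted(u for u, g in members.items() if any(group_match(p, g) for p in ok))

def audit(text):
    """Match criteria of blocks that chroot without forcing internal-sftp."""
    return [c for c, s in parse_match_blocks(text)
            if "chrootdirectory" in s and s.get("forcecommand") != "internal-sftp"]
```

With the sample data, confined_users(SAMPLE, MEMBERS) lists only djm, and audit(SAMPLE) reports the per-user guest block.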