Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> > But when I tried to restart sshd, I got this message: > > # net start sshd > bash: /cygdrive/c/WINDOWS/system32/net: No such file or directory > > Do I need to change somewhere else too? Ignore my previous message. It worked after I closed the last Console and opened a new one. Many than

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> > I believe it is still supported for Cygwin 1.5. I think what has > happened is the Cygwin DLL created an actual /cygdrive directory (which > is useful for things like bash completion) in your chroot jail. Now that > you've changed the Cygdrive prefix, delete that directory and all should > be

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> if you are concerned about the "cygdrive" text there is a registry entry > where > you can set that to whatever you want including "". That is what I do. I > would > tell you what it is but my windows machine is not here right now. Then when > you > "ls /" you get /c, /d etc instead of /cyg

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> > This isn't a question of being good or badly implemented, it's the > simple fact that it doesn't (and can't) provide what people think it > does. Chroot is a bad fake on Cygwin. Even a super cool implementation > doesn't change that. > I don't know how chroot is implemented but so far ever

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> > From what we've seen so far, it seems that SFTP responds as expected. > That is all that I want to know. > From this point forward, we must try to close all other access ways > that do not belong to the scenario... but those are not excuses to > not implement the SFTP chroot. > Actually, m

Fw: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> What about: > > $ sftp localhost > Connecting to localhost... > sftp> symlink 'C:\Windows' bar > sftp> cd bar Sorry I missed out the ', here we go again with ' this time: sftp> symlink 'C:\foobar' foobar sftp> symlink 'C:\windows' windows sftp> ls -al drwxr-xr-x2 rootroot0 D

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> What about: > > $ sftp localhost > Connecting to localhost... > sftp> symlink 'C:\Windows' bar > sftp> cd bar Sorry I missed out the ', here we go again with ' this time: sftp> symlink 'C:\foobar' foobar sftp> symlink 'C:\windows' windows sftp> ls -al drwxr-xr-x2 root root0

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> What about: > > $ sftp localhost > Connecting to localhost... > sftp> symlink 'C:\Windows' bar sftp> symlink C:\foobar foobar sftp> symlink C:\windows windows sftp> ls -al drwxr-xr-x2 root root0 Dec 5 19:31 . drwxr-xr-x3 root root0

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-05 Thread TheO
> > You also need to try symlinks that point outside the "jail". Try > creating them both from the shell and within SFTP. > Just got back from my Christmas shopping and now back to work :) I don't know how to create a symlink from inside SFTP so I did it only from Console. I have created two

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-04 Thread TheO
> > I understand why all these virtual directories are necessary at the absolute > > '/' root level. But here I refer to /cygdrive which is created inside the > > jail > > directory, which means in absolute path, /jail/cygdrive (/jail being the > > root > of my jail). Inside the jail, only /cygd

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-04 Thread TheO
> > I will try different variants definitely. Unfortunately I can only give the > feedback tomorrow as I am away from the office now. > > Thanks for your input. > Hi again, I'm sorry I couldn't come back earlier. All my tests (at the end of this post) show negative results. First, I try to cha

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-03 Thread TheO
> > And what about Brian's other point - if sshd has a security bug like a > buffer overrun (shudder, but possible - look at how often openssh has been > updated over the years to fix security holes as soon as someone identifies > one) > Such a hole would affect all OpenSSH implementations. Even th

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-03 Thread TheO
> > Don't forget the other variants, like > > \\.\c:\foo\bar > \\./c:/foo/bar > \??\c:\foo\bar > \??/c:\foo\bar > \??/c:/foo/bar > I will try different variants definitely. Unfortunately I can only give the feedback tomorrow as I am away from the office now. Thanks for your input. -

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-03 Thread TheO
> > This is what I get: > > sftp> cd C:/ > Couldn't canonicalise: No such file or directory > > sftp> get C:/foo > Couldn't stat remote file: No such file or directory > File "/home/Administrator/C:/foo" not found. > More to come: sftp> cd /cygdrive sftp> ls -al

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-03 Thread TheO
> > No, we mean "get c:/dir/file" or "get c:\dir\file". (or "put > //hostname/share/file", shudder.) > This is what I get: sftp> cd C:/ Couldn't canonicalise: No such file or directory sftp> get C:/foo Couldn't stat remote file: No such file or directory File "/home/Adminis

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-03 Thread TheO
> > This is not valid reasoning, as Eric Blake already pointed out you can > still access files outside of a chroot even if you're still going > through the Cygwin DLL by using Win32 style pathnames since Cygwin > passes those through untouched. Whether or not you can trick the sftp > code into l

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-02 Thread TheO
Hi again, I am afraid I have to ask for clarification again :(, I hope this is the last time before I am on my own with this: > > No, you cannot hide it. It is created by Cygwin itself as a convenience > to access the virtual 'cygdrive' directory. This is one of a number of > virtual direct

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-02 Thread TheO
> > > Many thanks for all your responses so far and I apologize if I seem to be very persistent with my questions in this thread. Maybe it's my fault to pose such a general question. Maybe I should be more specific in my questions, asking many smaller targeted questions instead of one big on

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-02 Thread TheO
> > I understand. If SFTP under Cygwin fits your needs and you can live > with the risks, then you should continue using it. I certainly don't > understand your application or its requirements for communication but > given your description above, it seems to me that 'scp' would serve your > pur

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-02 Thread TheO
> > Did you verify whether DOS paths, such as c:\, were also blocked? > No it's not blocked from Windows. If I log on locally, I can access /cygdrive/c without any problem. But I can't using jailed SFTP, even if I use my Administrator account. > > To repeat what we have already told you m

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-02 Thread TheO
> > If you're happy with the results, that's fine. However, you asked how > secure SFTP was. The answer is as I've said. Cygwin is not the O/S. > It cannot enforce restrictions on the O/S. Only the O/S can restrict > or grant access to users. > Thanks Larry, The reason why Cygwin is ideal

Re: Finally managed to create a jailed SFTP server, but how secure?

2008-12-01 Thread TheO
> > Security from the standpoint of access to the remote file system and > processes come from the security measures put in place under Windows > on the remote system. SFTP under Cygwin will not provide this. It > only provides encrypted transport. > According to my observation, regardless of h

Finally managed to create a jailed SFTP server, but how secure?

2008-12-01 Thread TheO
Hi, I finally managed to create a chroot'ed (jailed) SFTP environment under Cygwin. Here are my steps which may be useful for others: - All directories from root to the chroot directory must be owned by UID 0 and GID 0. For example, if you want to jail users in /jail then / and /jail must belo

Re: SFTP doesn't work with ChrootDirectory option set

2008-11-19 Thread TheO
Hi Corinna, I tried to set ChrootDirectory to / (the root directory) which normally is identical to "no jail" (and therefore I don't need to copy anything to user's home directory). But it didn't work for SFTP; it worked for SSH though. Corinna Vinschen wrote:

Re: SFTP doesn't work with ChrootDirectory option set

2008-11-19 Thread TheO
Hi Corinna, I agree with you on the fact that it's difficult to have full protection from Cygwin for ssh login. But my main concern is SFTP. What can a user do with SFTP if he is jailed in Cygwin? He can only see, upload, download files in the allowed directories using SFTP and can't execute an

Re: SFTP doesn't work with ChrootDirectory option set

2008-11-19 Thread TheO
According to TheO on 11/17/2008 2:24 PM: > Hi, > > I have Cygwin with OpenSSH version 5.1p1-9 installed. > > I managed to make ssh with chroot to work by using ChrootDirectory in sshd_config and copying /bin/bash to the chroot directory. chroot

Fw: Re: SFTP doesn't work with ChrootDirectory option set

2008-11-19 Thread TheO
According to TheO on 11/17/2008 2:24 PM: > Hi, > > I have Cygwin with OpenSSH version 5.1p1-9 installed. > > I managed to make ssh with chroot to work by using ChrootDirectory in sshd_config and copying /bin/bash to the chroot directory. chroot on cygwin is N

Re: SFTP doesn't work with ChrootDirectory option set

2008-11-18 Thread TheO
IL PROTECTED]> > Subject: Re: SFTP doesn't work with ChrootDirectory option set > To: cygwin@cygwin.com, [EMAIL PROTECTED] > Date: Monday, November 17, 2008, 9:33 PM > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > According to TheO on 11/17/2008 2:24 PM: > > Hi, >

SFTP doesn't work with ChrootDirectory option set

2008-11-17 Thread TheO
Hi, I have Cygwin with OpenSSH version 5.1p1-9 installed. I managed to make ssh with chroot to work by using ChrootDirectory in sshd_config and copying /bin/bash to the chroot directory. But I can't make it work for SFTP even when I tried to set: ChrootDirectory / which I expect should be t

OpenGL/Cg cygwin makefile

2006-04-01 Thread Theo Verelst
ed on the subject already, or else I could make some more examples suitable for cygwin compilation, which is a great improvement (and Open Source and Free) over the windows tools! Let me know what you think. Regards, Theo Verelst -- Unsubscribe info: http://cygwin.com/ml/#unsubs

Re: Cygwin setup of sshd for non-administrators documentation?

2005-11-01 Thread Theo Kanter
Thanks Brian for the clarifications. The instructions in this location are very clear and I will be happy to try them out. --theo

Cygwin setup of sshd for non-administrators documentation?

2005-10-31 Thread Theo Kanter
the documentation. Hopefully this saves some time for others who apparently were looking for the same. with best regards Theo -- Ericsson Research, Service Layer Technologies KI/EAB/TGB,SE-164 80 Kista, Sweden

Re: Sound generator starting package for Linux/Cygwin

2004-11-17 Thread Theo Verelst
Reini Urban wrote: Theo Verelst schrieb: I've started a sound generator package on Linux and Cygwin consisting ... http://82.168.209.239/Soundtest Why not use the standard puredata, which is also based on tcl/tk and portaudio, but is stable and mature? Well, as quick response, to begin w

Sound generator starting package for Linux/Cygwin

2004-11-16 Thread Theo Verelst
gards, Theo Verelst [EMAIL PROTECTED]

FOSDEM open source conference

2004-10-28 Thread Theo Verelst
people from the CYGWIN scene interested in this event ? I'd say cygwin is one of the main forces of open source software, and worth while fighting the good battle of unobscuriating software games with. Greetings, Theo Verelst [EMAIL PROTECTED] http://theover.tripod.com

device driver USB experimenter setup

2004-09-01 Thread Theo Verelst
Hi everyone, Does anyone know of a decent and generally useable setup with some USB chip/board to get *normal* bit or byte-wise IO using a cygwin compiled PC program and driver ? And if so, how... Theo Verelst http://home.tiscali.nl/theover http://82.168.209.239/fosdem http

Re: broken built of cygwin compiled OpenGL/Mesa application

2004-04-08 Thread Theo Verelst
I just figured out with diff that there's probably just one line in error, which I commented out, and there some stuff removed. It compiled again, but I still wonder how it all is with glu.h ! Theo.

broken built of cygwin compiled OpenGL/Mesa application

2004-04-08 Thread Theo Verelst
? Below's the short error output. Tia Theo -- /home/Theo/Pmspick2 [515] $ make gcc -c -DWIN32 -D__WIN32__ -D_WINDOW pick.c In file included from /usr/include/GL/glut.h:132, from pick.c:58: /usr

Compiling .sys files

2004-01-14 Thread Theo Verelst
be compiled with cygwin. Regards, Theo Verelst [EMAIL PROTECTED]

Re: Passing file descriptors

2004-01-05 Thread Theo Verelst
Christopher Faylor wrote: On Sun, Jan 04, 2004 at 04:30:56PM +0100, Theo Verelst wrote: Anyone know whether cygwin can pass file descriptors over unix sockets (streams) so that a process can share its file descriptors with another? Nope. Sorry. -- Is it not an option because of windows

Passing file descriptors

2004-01-04 Thread Theo Verelst
Anyone know whether cygwin can pass file descriptors over unix sockets (streams) so that a process can share its file descriptors with another? Theo Verelst [EMAIL PROTECTED] latest diary page: http://195.241.128.75/Diary/ldiary15.html