Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] ssh-chrootmgr on SuSE 7.2
- From: Michael Buchau <michael.buchau@xxxxxxxxxx>
- Date: Thu, 15 Nov 2001 00:11:17 +0100
- Message-id: <3BF2FA14.EE9CCD40@xxxxxxxxxx>
stephane parenton wrote:
>
> Hi everyone,
>
> I'm looking for a solution to restrict a user ssh'ing a box to go
> everywhere. A doc about ssh pointed me upon ssh-chrootmgr that seems to
> do what I want... But I have to re-compile ssh statically it seems.
>
> Does anybody ever did this ? if yes what are the traps i may encounter ?
> can I simply take the sources and configure/make/make install it without
> any problem while having already a ssh installed. (should I have to
> remove it or can I just overwrite it ?)
Hi Stephane,
if you look into the contrib directory of the OpenSSH source tree,
you'll find a small patch called "chroot.diff". This adds chroot
functionality to the ssh server using '/./' tokens in /etc/passwd.
Unfortunately, the patch isn't quite up to date and doesn't apply
cleanly to recent OpenSSH versions, so you would have to apply it
manually. Or drop me a note and I'll send you a patch that works.
You would have to recompile OpenSSH, but it does not have to be linked
statically to use the chroot functionality.
Mike
>
> Hi everyone,
>
> I'm looking for a solution to restrict a user ssh'ing a box to go
> everywhere. A doc about ssh pointed me upon ssh-chrootmgr that seems to
> do what I want... But I have to re-compile ssh statically it seems.
>
> Does anybody ever did this ? if yes what are the traps i may encounter ?
> can I simply take the sources and configure/make/make install it without
> any problem while having already a ssh installed. (should I have to
> remove it or can I just overwrite it ?)
Hi Stephane,
if you look into the contrib directory of the OpenSSH source tree,
you'll find a small patch called "chroot.diff". This adds chroot
functionality to the ssh server using '/./' tokens in /etc/passwd.
Unfortunately, the patch isn't quite up to date and doesn't apply
cleanly to recent OpenSSH versions, so you would have to apply it
manually. Or drop me a note and I'll send you a patch that works.
You would have to recompile OpenSSH, but it does not have to be linked
statically to use the chroot functionality.
Mike
| < Previous | Next > |