Francesc Dantí wrote:
Hi,
How can I do a chroot when a user logs in to the server? My idea is that when somebody logs in (with ssh) he/she can't get access to my files.
What about editing a script that when it makes a chroot, finally runs the correct shell? That's creating a new shell that only includes the line "chroot ~" and finally runs sh. When I try it, it returns me that I have no permission. Is it a good idea? I'm new in the Linux world, and I suppose it's a very simple question, but I don't find anything in manuals or texts...
[Please wrap your lines at 72 characters. Thanks.]
From the Debian security mailing list:
-------- Original Message --------
Subject: Re: scp and sftp
Resent-From: debian-security@lists.debian.org
Date: Sun, 31 Mar 2002 00:11:28 -0800
From: "Christian G. Warden"
I've been playing around with the scp and sftp components of PuTTY and noticed what I consider a security hole. WinSCP does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the Linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my Linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd.
I did not see anything about this issue on the OpenSSH web site. Anybody got any suggestions?
For more on this topic, take a look at the Debian security list archive.

HTH
GTi