Re: Is it possible to chroot scp?
On Mon, 12 Mar 2001, Alexander Hvostov wrote:
> jurie@firefly.coggles.net wrote:
>
> > Hello.
> >
> > plaintext. I am currently useing proftpd, as I also require the
> > ability to chroot users into thier own directories. Now, essentialy
> > do an scp from it) I have found a few, such as ixplorer and winSCP,
> > however, again, they allow one to specify a directory above thier
> > home.
> >
> > I have heard that the commercial ssh version offers the ability to
> > chroot, but I would rather stay with OpenSSH if I can.
> A PAM module is apparently a work-in-progress to perform chroot() at the
> PAM level. Email Bruce Campbell <brucec@humbug.org.au> and ask about its
> status.
The above is one of my (rather) old addresses, and the above project is
again one of my (rather) old projects.
No code for pam_chroot was ever publically released as my implementation,
to be honest, sucked. It was in use for about 18 months when that machine
shifted to FreeBSD instead of Linux. ( and this is not an OS war ;) )
The current PAM login module does (I think) have chroot functionality
which may help you, otherwise you could patch your ssh daemon to observe
the '/./' trickery in the user's home directory path (which is how wuftpd
does it and how I did it, see wuftpd code), eg (passwd file):
# Chroot to /allhomes
/allhomes/./joebloggs
OR
# Chroot to /allhomes/joebloggs
/allhomes/joebloggs/./
Obviously, I'm not Bruce Campbell the actor ;)
--==--
Bruce.
BC666-AP
Reply to: