
Re: scp and sftp



On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
> I've been playing around with the scp and sftp components of putty and
> noticed what I consider a security hole.  Winscp does the same thing. 
> The user can change to directories above their home.  Is there a way to
> chroot them like you can in an ftp config file?  I don't see anything in
> the sshd config files.  If you can't, how can I disable the scp
> functionality?  I'm not talking about scp from the linux box.  The users
> don't have shell access so that's not a problem.  I'm referring to
> remote people using a scp client to access my linux machine.  You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.
> 
> I did not see anything about this issue on the openssh web site. 
> Anybody got any suggestions?
> 

I've got a Debian package with the chroot patch enabled. Also, search this
mailing list; there were some discussions about that last year.

You can get my package for woody here:

http://debian.home-dn.net/woody/ ssh/

Debian people question:

What about making a ssh-chroot package, made of the current ssh package
and just the chroot patch enabled? It will be easier to maintain systems
with the need of chroot and, as it will be more used, there will be more
people to really audit it!


-- 
Easter-eggs                                Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com   -    http://www.easter-eggs.com
