Mail Archives: cygwin/2004/11/30/09:13:39

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2004/11/30/09:13:39

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

To: cygwin AT cygwin DOT com

From: Christian Weinberger <christian DOT weinberger AT directbox DOT com>

Subject: Re: Chrooted OpenSSH for Windows (rssh sftp cygwin)

Date: Tue, 30 Nov 2004 14:13:11 +0000 (UTC)

Lines: 28

Message-ID: <loom.20041130T143350-849@post.gmane.org>

References: <BDCD3861.3BCF%john AT recaffeinated DOT com>

Mime-Version: 1.0

X-Complaints-To: usenet AT sea DOT gmane DOT org

X-Gmane-NNTP-Posting-Host: main.gmane.org

User-Agent: Loom/3.14 (http://gmane.org/)

X-Loom-IP: 62.180.31.25 (Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0))

X-IsSubscribed: yes

John M. L. <john <at> recaffeinated.com> writes:
> I've been trying to implement an sftp server using OpenSSH for Windows
> (http://sshwindows.sourceforge.net).  I haven't found much recent discussion
> on th topic of running OpenSSH in a chrooted jail on cygwin, but the
> following messages from a year ago have shed some light on the topic:

I solved exactly the same problem using scponly 
(http://www.sublimation.org/scponly/)
.
The current version compiles easily under recent Cygwin releases.
You only have to modify the Makefile to include some libraries explicitly.

IÂ´d always try to have a binary as a chroot stub and not a shell script. If you 
use a shell script, you need bash and several supplemental programs in the 
chroot jail which all may contain security leaks.

The tool that I used has a make option to prepare the chroot jail. It copies 
all required files to the jail. So you may learn from it even if you decide to 
stay with rssh.

YouÂ´ve to make another decision:
Do you only need to support sftp protocol version 2 or also older versions.
In the first case it should be sufficient to have sftp-server.exe in the chroot 
jail (plus a passwd & group). In the second case, youÂ´ll need to have things 
like bash, ls, rm and others again.

Hope this helps a bit!
Christian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
To:	cygwin AT cygwin DOT com
From:	Christian Weinberger <christian DOT weinberger AT directbox DOT com>
Subject:	Re: Chrooted OpenSSH for Windows (rssh sftp cygwin)
Date:	Tue, 30 Nov 2004 14:13:11 +0000 (UTC)
Lines:	28
Message-ID:	<loom.20041130T143350-849@post.gmane.org>
References:	<BDCD3861.3BCF%john AT recaffeinated DOT com>
Mime-Version:	1.0
X-Complaints-To:	usenet AT sea DOT gmane DOT org
X-Gmane-NNTP-Posting-Host:	main.gmane.org
User-Agent:	Loom/3.14 (http://gmane.org/)
X-Loom-IP:	62.180.31.25 (Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0))
X-IsSubscribed:	yes