Mail Archives: cygwin/2008/11/18/03:03:40
Actually, my real objective is to use chroot for SFTP. I am planning to disable ssh login in the final configuration; I was using ssh just for testing the sshd capability for chrooting.
--- On Mon, 11/17/08, Eric Blake <ebb9 AT byu DOT net> wrote:
> From: Eric Blake <ebb9 AT byu DOT net>
> Subject: Re: SFTP doesn't work with ChrootDirectory option set
> To: cygwin AT cygwin DOT com, idgajelas AT yahoo DOT com
> Date: Monday, November 17, 2008, 9:33 PM
>
> According to TheO on 11/17/2008 2:24 PM:
> > Hi,
> >
> > I have Cygwin with OpenSSH version 5.1p1-9 installed.
> >
> > I managed to make ssh with chroot to work by using ChrootDirectory
> > in sshd_config and copying /bin/bash to the chroot directory.
>
> chroot on cygwin is NOT a security measure; it is just an emulation to
> ease porting. The API exists, and allows cygwin apps to recognize a
> different root. But the fact remains that you can spawn a non-cygwin
> program, which doesn't honor the chroot, and all files outside of the
> chroot area are once again accessible. Therefore, if chroot doesn't add
> security, then why should ssh, which is all about security, even try to
> honor ChrootDirectory?
>
> --
> Don't work too hard, make some time for fun as well!
>
> Eric Blake ebb9 AT byu DOT net
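
An added example, not part of the original thread and not Cygwin or OpenSSH code: a shell function that lists the active ChrootDirectory directives in an sshd_config and marks them NOT-A-BOUNDARY when the host reports a CYGWIN system name, following the reply's point that chroot there is only an emulation. The names `audit_chroot` and `sample_config`, the verdict strings and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names and verdict strings are assumptions.

# sample_config: constructed sshd_config used as demo input.
sample_config() {
    cat <<'EOF'
# constructed sample, not from the thread
Subsystem sftp internal-sftp
#ChrootDirectory /old
ChrootDirectory none
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
EOF
}

# audit_chroot CONFIG [UNAME_S]
# CONFIG may be "-" for stdin; UNAME_S defaults to the output of uname -s.
# Prints line, scope, path and verdict (tab-separated) per active directive.
audit_chroot() {
    cfg=$1
    os=${2:-$(uname -s)}
    awk -v os="$os" '
        BEGIN { scope = "global"; OFS = "\t" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            # keyword and argument are separated by whitespace or "="
            n = match($0, /[ \t=]+/)
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            val = substr($0, n + RLENGTH)
            if (key == "match") { scope = "Match " val; next }
            if (key != "chrootdirectory" || tolower(val) == "none") next
            # Cygwin chroot is an emulation that non-Cygwin programs ignore
            verdict = (os ~ /^CYGWIN/) ? "NOT-A-BOUNDARY" : "os-chroot"
            print NR, scope, val, verdict
        }' "$cfg"
}

# Demo: audit the constructed sample as if running on a Cygwin host.
sample_config | audit_chroot - "CYGWIN_NT-6.0"
```

On a real host, run `audit_chroot /etc/sshd_config` and treat every NOT-A-BOUNDARY line as a directive that needs file permissions or another control behind it.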