| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Spam-Check-By: | sourceware.org |
| Date: | Wed, 19 Nov 2008 15:05:31 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: SFTP doesn't work with ChrootDirectory option set |
| Message-ID: | <20081119140531.GG9927@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <49222995 DOT 5030609 AT byu DOT net> <916107 DOT 19573 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <916107.19573.qm@web34701.mail.mud.yahoo.com> |
| User-Agent: | Mutt/1.5.16 (2007-06-09) |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
On Nov 19 05:37, TheO wrote: > Hi Corina, > > I agree with you on the fact that it's difficult to have full protection from Cygwin for ssh login. > > But my main concern is SFTP. What can a user do with SFTP if he is jailed in Cygwin? He can only see, upload, download files in the allowed directories using SFTP and can't execute anything. So in my opinion the risk is very low to enable jailed SFTP in Cygwin. > > The strange fact is that, Cygwin does allow jailed SSH but not jailed SFTP. Shouldn't it be the other way around if security is a big concern? There's some likelihood that you did something wrong. You must copy everything required to run sftp to the jail and then some. Cygwin certainly doesn't exclude sftp from working because it doesn't like the protocol... Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |