X-Recipient: archive-cygwin@delorie.com X-Spam-Check-By: sourceware.org Date: Wed, 19 Nov 2008 15:05:31 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: SFTP doesn't work with ChrootDirectory option set Message-ID: <20081119140531.GG9927@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <49222995.5030609@byu.net> <916107.19573.qm@web34701.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <916107.19573.qm@web34701.mail.mud.yahoo.com> User-Agent: Mutt/1.5.16 (2007-06-09) Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com On Nov 19 05:37, TheO wrote: > Hi Corina, > > I agree with you on the fact that it's difficult to have full protection from Cygwin for ssh login. > > But my main concern is SFTP. What can a user do with SFTP if he is jailed in Cygwin? He can only see, upload, download files in the allowed directories using SFTP and can't execute anything. So in my opinion the risk is very low to enable jailed SFTP in Cygwin. > > The strange fact is that, Cygwin does allow jailed SSH but not jailed SFTP. Shouldn't it be the other way around if security is a big concern? There's some likelihood that you did something wrong. You must copy everything required to run sftp to the jail and then some. Cygwin certainly doesn't exclude sftp from working because it doesn't like the protocol... Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/