Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
From: Christian Weinberger <christian DOT weinberger AT directbox DOT com>
Subject: Re: Chrooted OpenSSH for Windows (rssh sftp cygwin)
Date: Tue, 30 Nov 2004 14:13:11 +0000 (UTC)
Lines: 28
Message-ID: <loom.20041130T143350-849@post.gmane.org>
References: <BDCD3861.3BCF%john AT recaffeinated DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Complaints-To: usenet AT sea DOT gmane DOT org
X-Gmane-NNTP-Posting-Host: main.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 62.180.31.25 (Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0))
X-IsSubscribed: yes

John M. L. <john <at> recaffeinated.com> writes:
> I've been trying to implement an sftp server using OpenSSH for Windows
> (http://sshwindows.sourceforge.net).  I haven't found much recent discussion
> on th topic of running OpenSSH in a chrooted jail on cygwin, but the
> following messages from a year ago have shed some light on the topic:

I solved exactly the same problem using scponly 
(http://www.sublimation.org/scponly/)
.
The current version compiles easily under recent Cygwin releases.
You only have to modify the Makefile to include some libraries explicitly.

I´d always try to have a binary as a chroot stub and not a shell script. If you 
use a shell script, you need bash and several supplemental programs in the 
chroot jail which all may contain security leaks.

The tool that I used has a make option to prepare the chroot jail. It copies 
all required files to the jail. So you may learn from it even if you decide to 
stay with rssh.

You´ve to make another decision:
Do you only need to support sftp protocol version 2 or also older versions.
In the first case it should be sufficient to have sftp-server.exe in the chroot 
jail (plus a passwd & group). In the second case, you´ll need to have things 
like bash, ls, rm and others again.

Hope this helps a bit!
Christian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/