Date: Tue, 18 Nov 2008 00:02:41 -0800 (PST)
From: TheO
Reply-To: idgajelas AT yahoo DOT com
Subject: Re: SFTP doesn't work with ChrootDirectory option set
To: cygwin AT cygwin DOT com, Eric Blake
In-Reply-To: <49222995.5030609@byu.net>
Message-ID: <731070.50337.qm@web34701.mail.mud.yahoo.com>

Actually my real objective is to use chroot for SFTP. I am planning to disable ssh login in the final configuration, I was using ssh just for testing the sshd capability for chrooting.

--- On Mon, 11/17/08, Eric Blake wrote:

> From: Eric Blake
> Subject: Re: SFTP doesn't work with ChrootDirectory option set
> To: cygwin AT cygwin DOT com, idgajelas AT yahoo DOT com
> Date: Monday, November 17, 2008, 9:33 PM
>
> According to TheO on 11/17/2008 2:24 PM:
> > Hi,
> >
> > I have Cygwin with OpenSSH version 5.1p1-9 installed.
> >
> > I managed to make ssh with chroot to work by using
> > ChrootDirectory in sshd_config and copying /bin/bash to the
> > chroot directory.
>
> chroot on cygwin is NOT a security measure; it is just an emulation to
> ease porting. The API exists, and allows cygwin apps to recognize a
> different root. But the fact remains that you can spawn a non-cygwin
> program, which doesn't honor the chroot, and all files outside of the
> chroot area are once again accessible. Therefore, if chroot doesn't add
> security, then why should ssh, which is all about security, even try to
> honor ChrootDirectory?
>
> --
> Don't work too hard, make some time for fun as well!
>
> Eric Blake ebb9 AT byu DOT net
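Added example (not part of the thread, and not OpenSSH or Cygwin project code): a small Python audit for the configuration TheO describes, flagging any sshd_config scope where ChrootDirectory is set but sessions are not forced to internal-sftp, so ssh login is still available. It checks configuration consistency only and, per Eric Blake's reply, says nothing about whether chroot is an actual boundary on Cygwin. The sample config, paths, user and group names are constructed, and the parser assumes whitespace-separated keywords.

```python
RELEVANT = {"chrootdirectory", "forcecommand"}

# Constructed sample sshd_config (not from the thread): the sftponly group
# is SFTP-only, while user "tester" is chrooted but not restricted to SFTP.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
Match User tester
    ChrootDirectory /srv/jail
"""

def parse_blocks(text):
    """Split sshd_config text into [(scope, {keyword: value})].
    Keywords are case-insensitive; the first value seen in a scope wins."""
    blocks = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) == 2 else ""
        if key == "match":
            blocks.append(("Match " + value, {}))  # a new Match scope begins
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def audit_chroot(text):
    """Return one finding per scope that chroots without forcing internal-sftp."""
    blocks = parse_blocks(text)
    global_opts = blocks[0][1]
    findings = []
    for scope, opts in blocks:
        # Match scopes that touch neither keyword just inherit the global result.
        if scope != "global" and not RELEVANT & opts.keys():
            continue
        effective = {**global_opts, **opts}  # Match values override globals
        chroot = effective.get("chrootdirectory", "none")
        if chroot.lower() == "none":
            continue
        forced = effective.get("forcecommand", "").split()
        if not forced or forced[0] != "internal-sftp":
            findings.append(f"{scope}: ChrootDirectory {chroot} is set but "
                            "sessions are not forced to internal-sftp")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_chroot(SAMPLE_CONFIG)) or "no findings")
```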