X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Mon, 1 Dec 2008 08:20:47 -0800 (PST)
From: TheO <idgajelas AT yahoo DOT com>
Reply-To: idgajelas AT yahoo DOT com
Subject: Finally managed to create a jailed SFTP server, but how secure?
To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <664060.6380.qm@web34704.mail.mud.yahoo.com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Hi,

I finally managed to create a chroot'ed (jailed) SFTP environment under Cygwin. Here are my steps which may be useful for others:

- All directories from root to the chroot directory must be owned by UID 0 and GID 0. For example, if you want to jail users in /jail then / and /jail must belong to (0, 0). In my setup, I set Administrator user to be (0, 0) in /etc/passwd.

- The home directory for user as declared in /etc/passwd must be created under this chroot directory too, for example, /jail/home/user must exist too and belong to user.

- Use internal-sftp for Subsystem sftp

So my minimum directory structure is as follow:

    /jail
    /jail/home
    /jail/home/user
    /home/user

If you want to enable public key authentication, then the following must exist too:

    /home/user/.ssh
    /home/user/.ssh/authorized_keys

My /etc/sshd_config contains:

    ChrootDirectory   /jail
    Subsystem   sftp  internal-sftp

After configuring the user's public key in /home/user/.ssh/authorized_keys, he can log on using SFTP with his private key and  could see only the following limited directory structure:

    /
    /home
    /home/user
    /cygdrive

Yes, /cygdrive is there too and stragely but fortunately, it is empty. I didn't copy /bin/bash to the jailed directory. So interactive session using SSH will fail (which is what I want).

As far as I am concerned, user's view is restricted enough to what I allow them to see and do. If I revoke user's rights to write to any directory except /jail/home/user, then he should only be able to upload files to his jailed home directory.

My question is, how secure is Cygwin as SFTP server set up this way? Is there any security hole I don't know yet?




      

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/