X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <4936FEA1.705@cygwin.com>
Date: Wed, 03 Dec 2008 16:48:17 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20081120 Remi/2.0.0.18-1.fc8.remi Lightning/0.9 Thunderbird/2.0.0.18 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Finally managed to create a jailed SFTP server, but how secure?
References: <664060 DOT 6380 DOT qm AT web34704 DOT mail DOT mud DOT yahoo DOT com> <49341625 DOT 2090804 AT cygwin DOT com> <933558 DOT 98400 DOT qm AT web34705 DOT mail DOT mud DOT yahoo DOT com> <4934527E DOT 2070200 AT cygwin DOT com> <961872 DOT 64997 DOT qm AT web34701 DOT mail DOT mud DOT yahoo DOT com> <493568B8 DOT 3010308 AT cygwin DOT com> <49376 DOT 99112 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com> <20081202231141 DOT GA5449 AT ednor DOT casa DOT cgf DOT cx> <451120 DOT 45664 DOT qm AT web34703 DOT mail DOT mud DOT yahoo DOT com> <4935DD4B DOT 7050907 AT cygwin DOT com> <690548 DOT 2534 DOT qm AT web34702 DOT mail DOT mud DOT yahoo DOT com>
In-Reply-To: <690548.2534.qm@web34702.mail.mud.yahoo.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

TheO wrote:
> Larry Hall wrote:
>> No, you cannot hide it.  It is created by Cygwin itself as a convenience
>> to access the virtual 'cygdrive' directory.  This is one of a number of
>> virtual directories ('/proc' and '/dev' come to mind) that Cygwin supports.
>> See the description of "Special filenames" in the User's Guide for more
>> details.
>>
> 
> I understand why all these virtual directories are necessary at the absolute
> '/' root level. But here I refer to /cygdrive which is created inside the jail
> directory, which means in absolute path, /jail/cygdrive (/jail being the root 
> of my jail). Inside the jail, only /cygdrive is created, no other virtual 
> directories (/proc or /dev/xxx) or files are created.

Created or not, they exist.  Try it.

>> In 1.7, there is a
>> new authentication module that will solve these and other pubkey
>> authentication problems.  But 1.7 is not currently released and it's
>> release date is not decided.
>>
> 
> Thanks for this input. I suppose that to be on safe side, I must restrict 
> it to password based authentication only if I use the current Cygwin.

This removes the impersonation piece of the puzzle, yes.

> And finally one more question. I am only aware of two subsystems supported
> by sshd more or less implicitely; sftp and shell (interactive logon). Is there
> any other subsystems which are handled by sshd implicitely (without me having
> to add anything to /etc/sshd_config)?

Can't answer that.


-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/