Slashdot Mirror


Chroot in OpenSSH

bsdphx writes "OpenSSH developers Damien Miller and Markus Friedl have recently added a nifty feature to make life easier for admins. Now you can easily lock an SSH session into a chroot directory, restrict them to a built-in sftp server and apply these settings per user. And it's dead simple to do. If you need to allow semi-trusted people on your computers, then you want this bad!"

4 of 62 comments

  1. Re:Why bother? by Wesley Felter · Score: 3, Interesting

    Didn't we just read that chroot "jails" are not secure? I've read those arguments and find them confusing. Sure, root can break out of a chroot, but what about non-root users?
  2. Oh thank god by Just Some Guy · Score: 2, Interesting

    Now I can finally switch some customers from FTP to SFTP. Thanks for making this hugely useful change!

    Anyone know if SFTP logging will be added any time soon? That's the last missing feature I always have to manually patch in.

    --
    Dewey, what part of this looks like authorities should be involved?
  3. Does This Mean by ajs318 · Score: 2, Interesting

    Does this mean that I can give users shell access, by placing (hard links to) a stripped-down busybox and ash in $HOME/bin, and they won't be able to access anything outside the chroot environment? That could be sweet.

    --
    Je fume. Tu fumes. Nous fûmes!
  4. all that for sftp? by sgt scrub · Score: 3, Interesting

    It is cool tech but not the way I would do things. WebDav with ApacheSSL properly installed is lots safer. IMHO there should never be user accounts on a machine, other than root and the person administrating the box.

    --
    Having to work for a living is the root of all evil.