Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chroot in OpenSSH

Posted by ScuttleMonkey on from the making-life-easier-always-my-goal dept.

bsdphx writes "OpenSSH developers Damien Miller and Markus Friedl have recently added a nifty feature to make life easier for admins. Now you can easily lock an SSH session into a chroot directory, restrict them to a built-in sftp server and apply these settings per user. And it's dead simple to do. If you need to allow semi-trusted people on your computers, then you want this bad!"

2 of 62 comments (clear)

  1. Re:Why bother? by Wesley+Felter · · Score: 3, Interesting

    Didn't we just read that chroot "jails" are not secure? I've read those arguments and find them confusing. Sure, root can break out of a chroot, but what about non-root users?
  2. all that for sftp? by sgt+scrub · · Score: 3, Interesting

    It is cool tech but not the way I would do things. WebDav with ApacheSSL properly installed is lots safer. IMHO there should never be user accounts on a machine, other than root and the person administrating the box.

    --
    Having to work for a living is the root of all evil.