[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Has anyone setup a user jail?

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Has anyone setup a user jail?
From: Robin Cornelius <robin.cornelius@xxxxxxxxx>
Date: Tue, 10 Feb 2009 18:49:53 +0000

Sam Grabham wrote:
> Hi
>  
> I have a client that wishes to use sftp over a trusted key ssh connection.
>  
> The problem is that if they use something like winscp, they can browse
> around the file structure and view file content.

There is a sshd patch around (may be its included now with sshd) that
allows exactly this, it logs the user into a chroot after the sshd
authentication, this sounds along the right lines :-

http://www.debian-administration.org/articles/590

I think the biggest drawback with this is that its not necessary that
hard to break out of a jail if you have shell access from ssh and that
should then be considered the weakest link.

Robin

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html

References:
- [LUG] Has anyone setup a user jail?
  - From: Sam Grabham

Prev by Date: Re: [LUG] [ubuntu-uk] Help get Windows out of schools
Next by Date: [LUG] computer fairs - an alternative plan
Previous by thread: Re: [LUG] Has anyone setup a user jail?
Next by thread: Re: [LUG] Has anyone setup a user jail?
Index(es):
- Date
- Thread