[2334] in linux-security and linux-alert archive
[linux-security] Re: ssh and chroot...
daemon@ATHENA.MIT.EDU (Jan Kasprzak)
Thu May 18 19:20:28 2000
From: Jan Kasprzak <kas@informatics.muni.cz>
Date: Tue, 9 May 2000 22:11:18 +0200
To: Mike Bowie <mike@goforgold.com>
Cc: linux-security@redhat.com
Message-ID: <20000509221118.E857@informatics.muni.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <000801bfaa38$a6b6c6b0$bfd6b9d1@csfs01>; from mike@goforgold.com on Wed, Apr 19, 2000 at 12:51:26PM -0700
Resent-From: linux-security@redhat.com
Mike Bowie wrote:
: I have a RedHat 6.0 x86 server which is serving a number of minor things, which I wish to add shell access to.
:
: I'm currently running sshd and am quite happy with it, the exceptiong being that I am unable to make sshd perform a chroot for shell account users.
:
: I have been reading man pages and howto's, many of which discuss sshd or chroot, but never the two together.
:
: Is this not an option? Or an I missing the point?
I think the most trivial option would be to use the "UseLogin yes"
in sshd_config. /bin/login can handle chroot well, AFAIK. OTOH you will
lose the RSA authentication ability then.
The more clean, but hard way would be to extend the sshd-pam
patch to allow chroot.
-Yenya
--
\ Jan "Yenya" Kasprzak <kas at fi.muni.cz> http://www.fi.muni.cz/~kas/
\\ PGP: finger kas at aisa.fi.muni.cz 0D99A7FB206605D7 8B35FCDE05B18A5E //
\\\ Czech Linux Homepage: http://www.linux.cz/ ///
\\\\ I could be wrong, of course. But I'm never wrong. -Linus ////
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
