[2335] in linux-security and linux-alert archive


[linux-security] Re: ssh and chroot...

daemon@ATHENA.MIT.EDU (David LaPorte)
Thu May 18 19:57:07 2000

X-Reply-To: <david_laporte@harvard.edu>
From: "David LaPorte" <david_laporte@harvard.edu>
To: "Mike Bowie" <mike@goforgold.com>, <linux-security@redhat.com>
Date: Mon, 8 May 2000 23:13:49 -0400
Message-ID: <LPBBKOBLDKJIOOLEIEHHEECMHKAA.david_laporte@harvard.edu>
In-Reply-To: <000801bfaa38$a6b6c6b0$bfd6b9d1@csfs01>
Resent-From: linux-security@redhat.com


I did something similar with telnetd by hacking login to accept an option
that specified a directory to chroot to and specifying it via telnetd "-L"
option.  I suppose the same thing would work with ssh if you compiled with
the "--with-login" option.  Let me know if you'd like the (admittedly
trivial) patch for login.c.

Dave LaPorte
  -----Original Message-----
  From: Mike Bowie [mailto:mike@goforgold.com]
  Sent: Wednesday, April 19, 2000 3:51 PM
  To: linux-security@redhat.com
  Subject: [linux-security] ssh and chroot...


  I have a RedHat 6.0 x86 server which is serving a number of minor things,
which I wish to add shell access to.

  I'm currently running sshd and am quite happy with it, the exception
being that I am unable to make sshd perform a chroot for shell account
users.

  I have been reading man pages and howto's, many of which discuss sshd or
chroot, but never the two together.

  Is this not an option?  Or am I missing the point?

  Mike.
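
The login.c patch mentioned in the reply is not shown in this message. As an added example (not Dave LaPorte's patch and not code from login or ssh), the C sketch below shows the checks and call order a login-style program would need when it chroots into a directory named by an option. The function names are hypothetical, and it assumes the caller starts as root and passes the user's uid and gid.

```c
#define _DEFAULT_SOURCE          /* expose chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy check (hypothetical helper): the jail root must be a root-owned
 * directory that group/other cannot write, or a jailed user could replace
 * files that privileged code later trusts. */
int jail_perm_ok(uid_t owner, mode_t mode)
{
    return S_ISDIR(mode) && owner == 0 && (mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Validate the option value: absolute path whose final component is a
 * real directory (lstat reports a symlink as S_IFLNK, so it is rejected). */
int jail_dir_ok(const char *dir)
{
    struct stat st;
    if (dir == NULL || dir[0] != '/')
        return 0;
    if (lstat(dir, &st) != 0)
        return 0;
    return jail_perm_ok(st.st_uid, st.st_mode);
}

/* Enter the jail, then drop privileges. Order matters: chroot() needs root,
 * chdir("/") removes a working directory left outside the jail, and
 * supplementary groups and gid must go before uid. Returns 0 or -1. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (!jail_dir_ok(dir)) { errno = EINVAL; return -1; }
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop is permanent: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    /* Dry run only: report whether a candidate jail directory passes. */
    const char *dir = argc > 1 ? argv[1] : "/";
    printf("%s: %s\n", dir, jail_dir_ok(dir) ? "acceptable" : "rejected");
    return 0;
}
```

A root process inside a chroot can leave it, so the privilege drop is what makes the jail hold.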

