I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd config files. If you can't, how can I disable the scp functionality? I'm not talking about scp from the linux box. The users don't have shell access so that's not a problem. I'm referring to remote people using a scp client to access my linux machine. You can disable sftp ability by removing the sftp-server program but the scp server part seems to be part of sshd.
I did not see anything about this issue on the openssh web site. Anybody got any suggestions? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
