On Sat, Mar 30, 2002 at 10:24:28PM -0500, Jon McCain wrote:
> I've been playing around with the scp and sftp components of putty and
> noticed what I consider a security hole.  Winscp does the same thing. 
> The user can change to directories above their home.  Is there a way to
> chroot them like you can in an ftp config file?  I don't see anything in
> the sshd config files.  If you can't, how can I disable the scp
> functionality?  I'm not talking about scp from the linux box.  The users
> don't have shell access so that's not a problem.  I'm referring to
> remote people using a scp client to access my linux machine.  You can
> disable sftp ability by removing the sftp-server program but the scp
> server part seems to be part of sshd.
> I did not see anything about this issue on the openssh web site. 
> Anybody got any suggestions?

I've got a debian package with the chroot patch enabled, and search this
mailing list, there was some discussions about that last year.

You can get my package for woody here:

http://debian.home-dn.net/woody/ ssh/

Debian people question:

What about making a ssh-chroot package, made of the current ssh package
and just the chroot patch enabled? It will be easier to maintains systems
with the need of chroot and, as it will be more used, there will be more
people to really audit it!

Easter-eggs                                Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED]   -    http://www.easter-eggs.com

Attachment: pgpHsuWMebkjt.pgp
Description: PGP signature

Reply via email to