On Thu, 5 Mar 2009, James Carlson wrote:
>Darren J Moffat writes:
>> Maybe but I'd rather it wasn't part of this case. The common case for
>> SSH chroot is for SFTP and the use of the internal-sftp is the best
>> solution for that.
>>
>> chroot environments cause a significant patching/pkg update problem and
>> I'd rather not encourage use of building those environments.
>
>I guess it depends on how strongly users feel about using those
>environments.
exactly, and chrooted plain SSH connections are very different. For
FTP, one doesn't need much and one runs the one command only. For SSH, we
need commands there in order to be useful, so we would have to decide which
ones. Different commands need different devices. If some of those commands
are screen oriented, we would need terminal databases as well. Etc.
also, using external sftp-server with ChrootDirectory doesn't make
sense with the existence of internal-sftp.
I'm working with a simple chroot directory (can do ls after logging
in) with SSH in the new STC-2 SSH test case I'll putback together with the
project but it's almost useless for the normal work, users would need much
nore. Let's leave it to users.
I think that more than 99% of people will use ChrootDirectory with
internal-sftp only and for that we don't need anything.
--
Jan Pechanec
