On Feb 27, 2011, at 5:21 PM, Riccardo Castellani wrote: > I installed openssh-5.6p1 into my Fedora server and I run this service into > chroot mode. > I think to have found out a BUG into this package, specifically into sshd > service: > > if remote user tries to connect to this service, where its home directory is > unaccessible because it doesn't respect right permissions (execution > permission of owner is missed or home directory is missing), he comes > automatically into root folder of chroot.
It's not a bug, it's a feature ;) (c) > I think sshd should have to deny this login or at least sshd_config should > have to contain the option to set this specifc behaviour; for example into > Fedora distributions, there is "DEFAULT_HOME" option in /etc/login.defs file > to permit this behavior. No. > Yes it's true, I can restrict access to specific users or use PAM module, but > for security reasons I need to make sure myself to restrict access ONLY to > home folder of user. > I also could use PAM modules, but it's only available pam_mkhomedir.so which > creates home folder if this one is not existing; I need pam_homecheck.so but > it's available only as package for OpenSuse. > Suggestions ?
