sftp and chroot?

Bill McGonigle bill at bfccomputing.com
Mon Jan 19 12:19:03 EST 2009


On 2009-01-16 2:51 PM, Paul Lussier wrote:
> Has anyone set up sftp in a chroot environment before?

I used to do this using the pizzashack code (the author has been on this 
list before, sorry for being forgetful of his name) but as I recall 
there were intractable security problems with the method.

The most recent release of OpenSSH said in the release notes that they 
made this trivial to accomplish.  Centos 5 probably doesn't have that 
release; IMHO it'd be a package upgrade worth manually managing.  If you 
have tight control of the clients you can run the local copy on a 
different port and IPTables access to minimize sysadmin inattention issues.

-Bill

-- 
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf


More information about the gnhlug-discuss mailing list