RE: SFTP and CHROOT

So, the ssh server is on the AIX machine? If so, one of those products
should work (they are all server-side). Also, yes, there is a chroot patch
for OpenSSH, but it is not part of OpenSSH development (find it at
http://chrootssh.sourceforge.net/).

Good luck.

 -Michael

-----Original Message-----
From: Joseph Mah [mailto:mah_joseph@hotmail.com]
Sent: Wednesday, October 01, 2003 9:01 AM
To: ssh-l@erdelynet.com
Subject: RE: SFTP and CHROOT

Ok well I'm running AIX 4.3.1 and it's currently in production running an
application. I don't really have a test machine to try it out on. I sort
of get the feeling that Openssh does have a chroot patch but it needs to be
applied in the beginning during installation of OpenSSH. People are able to

sftp without a problem but it's pretty much open season once they've logged
on. I guess one workaround I do now is set up samba and have people sftp to

a windows box where I can mount the directory and maintain more control.
I want to upgrade to OpenSSH 3.7.1 but will that require me to shut down
sshd for now and reinstall it? Will it affect my current ssh keys and
settings?

>From: "Johnson, Michael" <Michael.Johnson.03@mckenna.edu>
>Reply-To: Secure Shell Discussions <ssh-l@erdelynet.com>
>To: "'Secure Shell Discussions'" <ssh-l@erdelynet.com>
>Subject: RE: SFTP and CHROOT
>Date: Tue, 30 Sep 2003 14:03:57 -0700
>
>OpenSSH does not do chroot, mostly because the developers feel that should
>be left up to the system developers. I know of two solutions for chroot and
>sftp lockdown: scponly and rssh. Currently, I am only able to get scponly
>to
>compile in Cygwin (with a little work). Once it works, it does do quite
>well. Do remember that chrooting a user means that parts of the bin
>directory, etc need to be replicated for the system to work.
>
> -Michael
> http://lexa.mckenna.edu/sshwindows/
>
>
>-----Original Message-----
>From: Joseph Mah [mailto:mah_joseph@hotmail.com]
>Sent: Tuesday, September 30, 2003 12:11 PM
>To: ssh-l@erdelynet.com
>Subject: SFTP and CHROOT
>
>
>Hello everyone, I have OpenSSH-3.6.1p2 running right now and wanted to know
>if there was a way to chroot or lock out my current users from accessing
>directories other than their own? Is there some sort of a patch for the
>version I am running that would enable SFTP lockdowns?
>
>Any help would be appreciated.
>
>Thanks
>
>Joseph
>
>_________________________________________________________________
>Instant message during games with MSN Messenger 6.0. Download it now FREE!
>http://msnmessenger-download.com
>
>--
>List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
>List Archives: http://erdelynet.com/archive/ssh-l/
>To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and
>enter your email address at the bottom to "Edit Options". If you don't know
>your password, have it emailed to you. Then unsubscribe.
>###########################################
>
>This message has been scanned by F-Secure Anti-Virus for Microsoft
>Exchange.
>For more information, connect to http://www.F-Secure.com/
>--
>List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
>List Archives: http://erdelynet.com/archive/ssh-l/
>To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and

>enter your email address at the bottom to "Edit Options". If you don't know

>your password, have it emailed to you. Then unsubscribe.

_________________________________________________________________
Instant message during games with MSN Messenger 6.0. Download it now FREE!
http://msnmessenger-download.com

--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and
enter your email address at the bottom to "Edit Options". If you don't know
your password, have it emailed to you. Then unsubscribe.
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.F-Secure.com/
--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/listinfo/ssh-l/ and enter your email address at the bottom to "Edit Options". If you don't know your password, have it emailed to you. Then unsubscribe.