Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

OpenSSH & ChRoot

from [Richard Secor] Network Security [Permanent Link]
Subject: OpenSSH & ChRoot
Date: Fri, 20 May 2005 15:15:31 -0400 

I've been using SSH 3.2.9.1 from ssh.org/ssh.com for quite awhile now.

Since FreeBSD uses OpenSSH as part of the install I figured I might move over to it.

However, it seems there may be some issues with what OpenSSH can or more accurately cannot do over what SSH 3.2.9.1 can/could do.

With SSH I can do have a "ChRootUser" configuration line in my sshd2_config, however there does not seem to be an easy way of getting the same result from OpenSSH.

Before I get asked why I would want this....
I would like to give my customers the option of having Shell access to the server without having to "jail" everything.
And I do not want them poking around (whether everything is tied up or not is not the issue, however, piece of mind is).

I'm sure someone will try and explain to me why I don't need to ChRoot in SSH, but I want to do it, and with SSH I can. That should be enough to find out how to do it with OpenSSH (otherwise I'm stuck with SSH, until something comes along)

As an additional note I'm a little reluctant to use the available openssh-chroot patch at sourceforge as it seems to implement some strange way of doing chroot "./../home/$USER" or something like that instead of just leaving "/home/$USER" and it using that for the chroot.

Please make sure my E-Mail Address is in the To, CC or BCC field as I have not subscribed to the discussion list.

Thanks,
Richard Secor
rsecor@seqlogic.com

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  workarounds for Host param not canonicalizing?, Ryan Barrett
Next by Date:  SCP fails with publickey, Hicks,Rodger
Previous by Thread:  workarounds for Host param not canonicalizing?, Ryan Barrett
Next by Thread:  Re: OpenSSH & ChRoot, Darren Tucker
Indexes:  [Date] [Thread] [Top] [All Lists]