On Sun, Mar 27, 2011 at 4:57 PM, John R Pierce pierce@hogranch.com wrote:
On 03/27/11 1:03 PM, Rainer Duffner wrote:
If you use sftp, it can be chroot'ed by default (see man-page). (In a reasonably recent version of sshd)
I gather that's a sshd somewhat newer than the one included in CentOS 5? The only mention of chroot in man sshd is the /var/empty/sshd dir used during preauthorization.
Yeah, it's not supported until OpenSSH version 5.x. That upgrade will cause other surprises. Some colleagues ran headlong into it no longer reading ".bashrc" unless it's an actual login session, and became quite concerned when their local host-specific aliases were no longer available to their remote "ssh" commands.
I'd be very cautious on setting this up, or you could easily lose access to ssh shell sessions since ssh/scp/sftp are all so tightly coupled.
Yeah, I used to publish chroot cage tools for ssh-1, ssh-2, and OpenSSH years ago.