That's correct, forgot to mention it. We ended up using SFTP (or at least offering it to external).
-----Original Message-----
From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of rainer@ultra-secure.de
Sent: Tuesday, 24 October 2017 15:24
To: CentOS mailing list
Subject: Re: [CentOS] scp setup jailed chroot on Centos7

On 2017-10-24 12:19, Adrian Jenzer wrote:
> Hi Rainer
>
> I would if I could but external offers only FTP and SCP...
>
> Regards
> Adrian
AFAIK, for scp you need a proper shell.
I've done that exactly once (chrooted ssh) and it was such a pain that I vowed to never do it again.
The problem is that inside the chroot, you need:
- name resolution
- a minimal passwd/shadow/group file (or ldap)
- maybe for scp, you can get away with a rather minimal device-tree - but for actual SSH access, I needed a fairly complete device tree inside the chroot (ttys ...).
- that was with FreeBSD 10, I never tried it with anything else (due to its history with jails, creating functional, limited chroot-environments is somewhat in its genes, so to speak)
Somebody sent me the link to these scripts:
https://github.com/codelibre-net/schroot
Maybe you can use those scripts - I've never tried them.
Also, there's scp-only: https://github.com/scponly/scponly/wiki
Haven't used that in years, either. Concern over that one seemed to be that it's "another" shell and nobody had apparently done a thorough audit of it.

_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
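
A checker for the chroot prerequisites listed in the message above (shell, scp binary, account files, name resolution, device nodes), as an added example that is not part of the original thread. Every path in it is an assumption for a typical Linux layout, and it does not check the shared libraries the binaries need.

```sh
#!/bin/sh
# Added example: report which of the chroot prerequisites named in the
# thread are missing from a directory tree.
# All paths are assumptions (typical Linux layout), not taken from the thread.
# Usage: chroot_missing /srv/jail scp     (/srv/jail is a hypothetical path)

# chroot_missing DIR [scp|shell]
# Prints one line per missing item; prints nothing when every check passes.
chroot_missing() {
    root=${1%/}
    mode=${2:-scp}

    # Regular files: uid/gid lookups and name resolution.
    for f in etc/passwd etc/group etc/resolv.conf etc/nsswitch.conf; do
        [ -f "$root/$f" ] || echo "missing file: /$f"
    done

    # Executables: scp needs a real shell to start it, plus the scp binary.
    for x in bin/sh usr/bin/scp; do
        if [ ! -f "$root/$x" ] || [ ! -x "$root/$x" ]; then
            echo "missing executable: /$x"
        fi
    done

    # Character devices: a minimal set for scp, a larger one for a login.
    devs="dev/null"
    if [ "$mode" = shell ]; then
        devs="$devs dev/zero dev/urandom dev/tty"
    fi
    for d in $devs; do
        [ -c "$root/$d" ] || echo "missing device node: /$d"
    done
    return 0
}
```
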