[CentOS] RE: chroot over ssh

Thu Nov 16 23:18:08 UTC 2006
Kevan Benson <kbenson at a-1networks.com>

On Wednesday 15 November 2006 19:14, Maciej Zenczykowski wrote:
> I have a yum repository at http://tcs.uj.edu.pl/~buildcentos/ which
> includes the centos ssh rebuilt with a tiny patch which makes sshd chroot
> on login if it sees a /./ in the users home directory.

This is especially nice as a solution for securing ftp/sftp access because you 
can allow ftp chroots the using the same /./ in the passwd file through 
vsftpd (although vsftpd doesn't require libs in the chroot, so it's not a 
"true" chroot).

I assume you are using the chrootssh (http://chrootssh.sourceforge.net) 
project's patch (as that's the name of the directory the rpms are in), which 
is worth mentioning for the security conscious people out there who might 
want to know how this was implemented.  

-- 
- Kevan Benson
- A-1 Networks