[CentOS] rssh / scponly

Sun Mar 27 23:46:16 UTC 2011
Nico Kadel-Garcia <nkadel at gmail.com>

On Sun, Mar 27, 2011 at 4:57 PM, John R Pierce <pierce at hogranch.com> wrote:
> On 03/27/11 1:03 PM, Rainer Duffner wrote:
>> If you use sftp, it can be chroot'ed by default (see man-page).
>> (In reasonably recent version of sshd)
>
> I gather thats a sshd somewhat newer than the one included in CentOS 5
> ?  the only mention of chroot in man sshd is the /var/empty/sshd dir
> used during preauthorization.

Yeah, it's not supported until OpenSSH version 5.x. That upgrade will
cause other surprises. Some colleagues ran headlong into it no longer
reading ".bashrc" unless it's an actual login sessin, and became quite
concerned when their local host-specific aliases were no longer
available to their remote "ssh" commands.

> I'd be very cautious on setting this up, or you could easily lose access
> to ssh shell sessions since ssh/scp/sftp are all so tightly coupled.

Yeah, I used to publish chroot cage tools for ssh-1, ssh-2, and
OpenSSH years ago.