[CentOS] rssh / scponly

Mon Mar 28 02:34:53 UTC 2011
Nico Kadel-Garcia <nkadel at gmail.com>

On Sun, Mar 27, 2011 at 10:12 PM, Gregory P. Ennis <PoMec at pomec.net> wrote:
>> On 27.03.2011 at 22:57, John R Pierce wrote:
>>
>>> On 03/27/11 1:03 PM, Rainer Duffner wrote:
>>>> If you use sftp, it can be chroot'ed by default (see man-page).
>>>> (In reasonably recent version of sshd)
>>>
>>> I gather that's a sshd somewhat newer than the one included in CentOS 5?
>>
>>
>> I don't know.
>> ;-)
>> I only used it in FreeBSD - but it's included there since at least 7.2.
>> That was released in May 2009.
>> OpenSSH 5.1p1
>>
>> Looking, sshd in my latest CentOS shows v 4.6p2
>
> rhel / centos contains openssh with backported chroot:
>
> rpm -q --changelog openssh-server | grep chroot
> - minimize chroot patch to be compatible with upstream (#522141)
> - tiny change in chroot sftp capability into openssh-server solve ls
> speed problem (#440240)
> - add chroot sftp capability into openssh-server (#440240)
> - enable the subprocess in chroot to send messages to system log

Only by recompiling and backporting OpenSSH 5.x from RHEL 6, or by
getting "Centrify" and their tools from www.centrify.com. Centrify
also includes good tools for integration with Active Directory based
authentication, very useful in a mixed environment where you don't
have the political pull to get the AD administrators in the same room
to discuss how LDAP and Kerberos actually work and why Linux can
cooperate with it. Being able to wave that magic "commercially
supported" wand seems to help with those meetings, and it's actually a
pretty good toolkit.