This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Chrooted OpenSSH for Windows (rssh sftp cygwin)


John M. L. <john <at> recaffeinated.com> writes:
> I've been trying to implement an sftp server using OpenSSH for Windows
> (http://sshwindows.sourceforge.net).  I haven't found much recent discussion
> on th topic of running OpenSSH in a chrooted jail on cygwin, but the
> following messages from a year ago have shed some light on the topic:

I solved exactly the same problem using scponly 
(http://www.sublimation.org/scponly/)
.
The current version compiles easily under recent Cygwin releases.
You only have to modify the Makefile to include some libraries explicitly.

IÂd always try to have a binary as a chroot stub and not a shell script. If you 
use a shell script, you need bash and several supplemental programs in the 
chroot jail which all may contain security leaks.

The tool that I used has a make option to prepare the chroot jail. It copies 
all required files to the jail. So you may learn from it even if you decide to 
stay with rssh.

YouÂve to make another decision:
Do you only need to support sftp protocol version 2 or also older versions.
In the first case it should be sufficient to have sftp-server.exe in the chroot 
jail (plus a passwd & group). In the second case, youÂll need to have things 
like bash, ls, rm and others again.

Hope this helps a bit!
Christian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]