[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cygwin
Subject:    Re: Chrooted OpenSSH for Windows (rssh sftp cygwin)
From:       Christian Weinberger <christian.weinberger () directbox ! com>
Date:       2004-11-30 14:13:11
Message-ID: loom.20041130T143350-849 () post ! gmane ! org
[Download RAW message or body]

John M. L. <john <at> recaffeinated.com> writes:
> I've been trying to implement an sftp server using OpenSSH for Windows
> (http://sshwindows.sourceforge.net).  I haven't found much recent discussion
> on th topic of running OpenSSH in a chrooted jail on cygwin, but the
> following messages from a year ago have shed some light on the topic:

I solved exactly the same problem using scponly 
(http://www.sublimation.org/scponly/)
.
The current version compiles easily under recent Cygwin releases.
You only have to modify the Makefile to include some libraries explicitly.

I īd always try to have a binary as a chroot stub and not a shell script. If you 
use a shell script, you need bash and several supplemental programs in the 
chroot jail which all may contain security leaks.

The tool that I used has a make option to prepare the chroot jail. It copies 
all required files to the jail. So you may learn from it even if you decide to 
stay with rssh.

You īve to make another decision:
Do you only need to support sftp protocol version 2 or also older versions.
In the first case it should be sufficient to have sftp-server.exe in the chroot 
jail (plus a passwd & group). In the second case, you īll need to have things 
like bash, ls, rm and others again.

Hope this helps a bit!
Christian


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

[prev in list] [next in list] [prev in thread] [next in thread]