[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[linux-security] Re: ssh and chroot...
- From: Alex Belits <abelits phobos illtel denver co us>
- To: Jan Kasprzak <kas informatics muni cz>
- Cc: Mike Bowie <mike goforgold com>, linux-security redhat com, recipient list not shown: ;
- Subject: [linux-security] Re: ssh and chroot...
- Date: Thu, 18 May 2000 16:31:01 -0700 (PDT)
On Tue, 9 May 2000, Jan Kasprzak wrote:
> I think the most trivial option would be to use the "UseLogin yes"
> in sshd_config. /bin/login can handle chroot well, AFAIK. OTOH you will
> lose the RSA authentication ability then.
>
> The more clean, but hard way would be to extend the sshd-pam
> patch to allow chroot.
Or, much easier, write a setuid shell wrapper that does chroot() and
chdir(), sets all uids back to the user's one and runs real shell from
chrooted environment. If wrapper will be configured as user's shell, and
user won't be allowed to change it from chrooted environment, user will
get chrooted environment, no matter how he will log in, yet all
authentication will be performed outside that environment.
--
Alex
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]