I have sort-of got this by setting the shell to sftp-server. Bizarre, I know, but it works, and a copy of /bin/true does not. In both the real and chroot'ed /etc/passwd's I set the shell to the full path to sftp-server, and sftp works, ssh does not. ssh actually connects and will sit there until you type something, but as soon as you type anything sftp-server says "what is this rubbish?" and promptly hangs up on you.

I don't have any real shell, or any other binary besides sftp-server in my chroot tree, and even though users can upload their own, they cannot execute it because their shell is only sftp-server, which is not a shell and cannot execute anything. I hope it doesn't have any cases where it could execute any external program like ls (I know it doesn't need ls specifically, just as an example the way ftpd often uses an ls binary in the chroot path). Otherwise a person might be able to upload a shell named <whatever sftp-server might exec>.

This is OpenSSH 3.5p1 with chroot patch, on SCO Open Server 5.0.6

------------

Actually it does. I tried /bin/false and it fails to set up the ssh connection properly. I guess the shell will let sftp only run specific sftp commands, anything else causes it to exit.

-----Original Message-----
From: Scott Venier [mailto:scottven@umich.edu]
Sent: Wednesday, January 30, 2002 10:58 AM
To: wlug@mail.wlug.org
Subject: Re: [Wlug] ssh-dummy-shell for OpenSSH???

Does the ssh-dummy-shell have to actually do anything for sFTP to work, or does it just have to be in /etc/shells? If it just has to be in /etc/shells, /bin/false works. Been using that for years for (non-s)FTP-only accounts.

Scott

On Wed, 30 Jan 2002, Keller, Tim wrote:

I'm setting up a test environment using OpenSSH built-in sFTP server. What I want to do is build a chroot environment where people can connect to the machine via sFTP but not via SSH.
I know with the commercial version of SSH they have ssh-dummy-shell which when you try to connect via SSH just bails on you, but lets sFTP work properly.
I've done some digging on the web and I haven't found anything that'll replace this functionality on the OpenSSH side of things.
Anybody got any ideas/links of an open source version of ssh-dummy-shell?
Thanks,
Tim.

_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
-- Brian K. White -- brian@aljex.com -- http://www.aljex.com/bkw/ +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++. filePro BBx Linux SCO Prosper/FACTS AutoCAD #callahans Satriani
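
An open-source stand-in for the ssh-dummy-shell asked about in the thread can be very small. The following is an added example, not code from any of the posters or from OpenSSH; it relies on sshd starting an external sftp subsystem as `<login shell> -c <subsystem command>`, and the `SFTP_SERVER` path and the binary name `sftponly` are assumptions.

```c
/* Added example: minimal SFTP-only login shell (not from the thread). */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed path: must match the "Subsystem sftp" line in sshd_config exactly,
 * as seen from inside the chroot if one is used. */
#ifndef SFTP_SERVER
#define SFTP_SERVER "/usr/libexec/sftp-server"
#endif

/* Return 1 only for the exact invocation sshd uses for the sftp subsystem:
 *   <shell> -c <sftp_path>
 * Extra arguments, other commands, or anything appended to the path
 * (for example "; sh") fail the strict comparison. */
int is_sftp_request(int argc, char *const argv[], const char *sftp_path)
{
    if (argc != 3 || argv[1] == NULL || argv[2] == NULL)
        return 0;
    if (strcmp(argv[1], "-c") != 0)
        return 0;
    return strcmp(argv[2], sftp_path) == 0;
}

int main(int argc, char *argv[])
{
    if (is_sftp_request(argc, argv, SFTP_SERVER)) {
        /* execl, not system(): no shell ever parses the command string. */
        execl(SFTP_SERVER, "sftp-server", (char *)NULL);
        perror("execl " SFTP_SERVER);
        return 127;
    }
    /* Interactive logins (argc == 1), scp and "ssh host <cmd>" all end here. */
    fputs("This account is restricted to SFTP.\n", stderr);
    return 1;
}
```

Installed as the account's shell in /etc/passwd (for example as a hypothetical /usr/local/bin/sftponly), it hands sFTP sessions to sftp-server and refuses everything else before any user-supplied string is interpreted.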