Chroot in OpenSSH - Slashdot

Slashdot is powered by your submissions, so send in your scoop

×

Chroot in OpenSSH 62

Posted by ScuttleMonkey on Wednesday February 20, 2008 @02:48PM from the making-life-easier-always-my-goal dept.

bsdphx writes "OpenSSH developers Damien Miller and Markus Friedl have recently added a nifty feature to make life easier for admins. Now you can easily lock an SSH session into a chroot directory, restrict them to a built-in sftp server and apply these settings per user. And it's dead simple to do. If you need to allow semi-trusted people on your computers, then you want this bad!"

This discussion has been archived. No new comments can be posted.

Chroot in OpenSSH

Search 62 Comments Log In/Create an Account

Comments Filter:

Why bother? (Score:3, Insightful)

by whoever57 ( 658626 ) writes: on Wednesday February 20, 2008 @02:53PM (#22491700) Journal

Didn't we just read that chroot "jails" are not secure?

Share
twitter facebook
Re:Why bother? (Score:0, Insightful)

by Anonymous Coward writes: on Wednesday February 20, 2008 @02:55PM (#22491754)

When has that ever stopped the OpenBSD/OpenSSH developers? Security is what they say it is.

Parent Share
twitter facebook
Re:Why bother? (Score:5, Insightful)

by bsdphx ( 987649 ) writes: on Wednesday February 20, 2008 @03:02PM (#22491882) Homepage

Understanding the issues is better than parroting what you've heard from random sources. Given the OpenBSD and OpenSSH track record for security it's obvious they have some serious clues about security.

Parent Share
twitter facebook
Re:Oh thank god (Score:3, Insightful)

by pembo13 ( 770295 ) writes: on Wednesday February 20, 2008 @03:41PM (#22492448) Homepage

All we need now is some form of virtual user system that can be mapped to a real, unprivileged user, preferably with a flexible auth system.

Parent Share
twitter facebook
Re:all that for sftp? (Score:4, Insightful)

by evilviper ( 135110 ) writes: on Wednesday February 20, 2008 @07:07PM (#22495562) Journal

WebDav with ApacheSSL properly installed is lots safer.

Why? No privilege separation. A MUCH bigger code base.

Not to mention fewer standalone programs.
IMHO there should never be user accounts on a machine,

Why not? The user security model is reliable and time tested. It does not require reinventing the "user". It does not depend on one program handling it's own system of virtual permissions correctly. It does not depend on the security of a large program that users directly interact with.

I can see ample reasons sftp is safer.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

"Experience has proved that some people indeed know everything." -- Russell Baker