This is the mail archive of the
mailing list for the Cygwin project.
Re: SFTP doesn't work with ChrootDirectory option set
- From: TheO <idgajelas at yahoo dot com>
- To: cygwin at cygwin dot com, Eric Blake <ebb9 at byu dot net>
- Date: Tue, 18 Nov 2008 00:02:41 -0800 (PST)
- Subject: Re: SFTP doesn't work with ChrootDirectory option set
- Reply-to: idgajelas at yahoo dot com
Actually my real objective is to use chroot for SFTP. I am planning to disable ssh login in the final configuration, I was using ssh just for testing the sshd capability for chrooting.
--- On Mon, 11/17/08, Eric Blake <firstname.lastname@example.org> wrote:
> From: Eric Blake <email@example.com>
> Subject: Re: SFTP doesn't work with ChrootDirectory option set
> To: firstname.lastname@example.org, email@example.com
> Date: Monday, November 17, 2008, 9:33 PM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> According to TheO on 11/17/2008 2:24 PM:
> > Hi,
> > I have Cygwin with OpenSSH version 5.1p1-9 installed.
> > I managed to make ssh with chroot to work by using
> ChrootDirectory in sshd_config and copying /bin/bash to the
> chroot directory.
> chroot on cygwin is NOT a security measure; it is just an
> emulation to
> ease porting. The API exists, and allows cygwin apps to
> recognize a
> different root. But the fact remains that you can spawn a
> program, which doesn't honor the chroot, and all files
> outside of the
> chroot area are once again accessible. Therefore, if
> chroot doesn't add
> security, then why should ssh, which is all about security,
> even try to
> honor ChrootDirectory?
> - --
> Don't work too hard, make some time for fun as well!
> Eric Blake firstname.lastname@example.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Public key at
> Comment: Using GnuPG with Mozilla -
> -----END PGP SIGNATURE-----
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html