Chrooted OpenSSH for Windows (rssh sftp cygwin)
Christian Weinberger
christian.weinberger@directbox.com
Tue Nov 30 14:26:00 GMT 2004
John M. L. <john <at> recaffeinated.com> writes:
> I've been trying to implement an sftp server using OpenSSH for Windows
> (http://sshwindows.sourceforge.net). I haven't found much recent discussion
> on th topic of running OpenSSH in a chrooted jail on cygwin, but the
> following messages from a year ago have shed some light on the topic:
I solved exactly the same problem using scponly
(http://www.sublimation.org/scponly/)
.
The current version compiles easily under recent Cygwin releases.
You only have to modify the Makefile to include some libraries explicitly.
I´d always try to have a binary as a chroot stub and not a shell script. If you
use a shell script, you need bash and several supplemental programs in the
chroot jail which all may contain security leaks.
The tool that I used has a make option to prepare the chroot jail. It copies
all required files to the jail. So you may learn from it even if you decide to
stay with rssh.
You´ve to make another decision:
Do you only need to support sftp protocol version 2 or also older versions.
In the first case it should be sufficient to have sftp-server.exe in the chroot
jail (plus a passwd & group). In the second case, you´ll need to have things
like bash, ls, rm and others again.
Hope this helps a bit!
Christian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list