Finally managed to create a jailed SFTP server, but how secure?
Larry Hall (Cygwin)
Wed Dec 3 21:53:00 GMT 2008
> Larry Hall wrote:
>> No, you cannot hide it. It is created by Cygwin itself as a convenience
>> to access the virtual 'cygdrive' directory. This is one of a number of
>> virtual directories ('/proc' and '/dev' come to mind) that Cygwin supports.
>> See the description of "Special filenames" in the User's Guide for more
> I understand why all these virtual directories are necessary at the absolute
> '/' root level. But here I refer to /cygdrive which is created inside the jail
> directory, which means in absolute path, /jail/cygdrive (/jail being the root
> of my jail). Inside the jail, only /cygdrive is created, no other virtual
> directories (/proc or /dev/xxx) or files are created.
Created or not, they exist. Try it.
>> In 1.7, there is a
>> new authentication module that will solve these and other pubkey
>> authentication problems. But 1.7 is not currently released and it's
>> release date is not decided.
> Thanks for this input. I suppose that to be on safe side, I must restrict
> it to password based authentication only if I use the current Cygwin.
This removes the impersonation piece of the puzzle, yes.
> And finally one more question. I am only aware of two subsystems supported
> by sshd more or less implicitely; sftp and shell (interactive logon). Is there
> any other subsystems which are handled by sshd implicitely (without me having
> to add anything to /etc/sshd_config)?
Can't answer that.
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
216 Dalton Rd. (508) 893-9889 - FAX
Holliston, MA 01746
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
More information about the Cygwin