Finally managed to create a jailed SFTP server, but how secure?

Larry Hall (Cygwin)
Wed Dec 3 21:53:00 GMT 2008

TheO wrote:
> Larry Hall wrote:
>> No, you cannot hide it.  It is created by Cygwin itself as a convenience
>> to access the virtual 'cygdrive' directory.  This is one of a number of
>> virtual directories ('/proc' and '/dev' come to mind) that Cygwin supports.
>> See the description of "Special filenames" in the User's Guide for more
>> details.
> I understand why all these virtual directories are necessary at the absolute
> '/' root level. But here I refer to /cygdrive which is created inside the jail
> directory, which means in absolute path, /jail/cygdrive (/jail being the root 
> of my jail). Inside the jail, only /cygdrive is created, no other virtual 
> directories (/proc or /dev/xxx) or files are created.

Created or not, they exist.  Try it.

>> In 1.7, there is a
>> new authentication module that will solve these and other pubkey
>> authentication problems.  But 1.7 is not currently released and it's
>> release date is not decided.
> Thanks for this input. I suppose that to be on safe side, I must restrict 
> it to password based authentication only if I use the current Cygwin.

This removes the impersonation piece of the puzzle, yes.

> And finally one more question. I am only aware of two subsystems supported
> by sshd more or less implicitely; sftp and shell (interactive logon). Is there
> any other subsystems which are handled by sshd implicitely (without me having
> to add anything to /etc/sshd_config)?

Can't answer that.

Larry Hall                    
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746


A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list