[Nottingham] chroot-ed file transfer

Martin martin at ml1.co.uk
Fri Sep 9 13:30:13 UTC 2011


On 9 September 2011 14:02, Roger Light <roger at atchoo.org> wrote:
>> Any easy way for that for scp and rsync?
>
> Haven't you already covered that by saying you can chroot ssh? scp
> uses ssh and rsync can do as Dylan says. If that's their only means of
> connecting then all is good.

chroot-ing ssh for each individual user is too much of a mess.

> A quick google for ssh chroot turned up
> http://www.techrepublic.com/blog/opensource/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/229
> That offers a very nice solution that I'd not seen before if you're
> only wanting to offer file transfer capabilities rather than a
> chrooted shell account. When I've done this in the past it's been a
> pain because of keeping the chroots up to date - this solves it very
> neatly.

That's very neat for sftp and a good solution. Ideally, I'd like the
same sort of setup for scp and for rsync-over-ssh. Unfortunately,
there appears to be no ssh subsytems other than just for ftp.

Indeed, I'm trying to avoid the setup and maintenance pain of multiple
chroots of applications (such as rssh) and all their associated
dependencies...


The list I gave shows the server applications that I know of that
implement their own 'chroot'. They're easy. That leaves scp and rsync
unsupported for an easy 'chroot'. I'd rather not waste time
scripting/maintaining a custom chroot updater for those!

I especially would like an easily chroot-ed rsync-over-ssh...

Ideas?

Cheers,
Martin



More information about the Nottingham mailing list