Ok, along this line of thinking, ftp is a protocol that is for
transferring files, yet the ftp daemon allows for setting an upper level
directory. The ssh protocol is for encrypted command line access, why
can't the ssh daemon provide access control also?

Thank you very much,
Steve

>>> [EMAIL PROTECTED] 11/21/02 20:26 PM >>>
On Thu, 21 Nov 2002, Ed Wilts wrote:

> On Thu, Nov 21, 2002 at 07:02:27PM -0500, Steve Howard wrote:
> > Can I set an upper level directory, /home/user, for example for each
> > user? I have been able to do this with ftp, but can I do it with
> > ssh?
> 
> You mean you want to chroot the user so that they can't transfer files
> outside of that directory?  If so, the answer is no, openssh does not
> support this.  Any user that has ssh access to your system (or sftp via
> the openssh server) has regular access to every file, including your
> world readable password file.  This limitation is why I claim that ftp
> is *more* secure than ssh for file transfers in many/most environments.
> 
> For some very odd reason, the openssh aren't too eager to fix this and
> when I raised this with the Red Hat openssh package maintainer, he
> wasn't eager either since he felt that if the openssh group wasn't
> going to do, he shouldn't either.
> 

If you are so paranoid you must use some restricted shell, or do a
chroot (but then you must provide some binaries within), etc.

Personally I don't think it's the job of ssh to do this, I think it is
the job of the shell, ssh provides just the secure communication channel
(i.e. overloading it will be both difficult and unnecessary)

Cheers,
-- 
Ryurick M. Hristev mailto:[EMAIL PROTECTED]
Computer Systems Manager
University of Canterbury, Physics & Astronomy Dept., New Zealand



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list


