Has anyone recently tried to compile rssh?

[John M Lauck]

Has anyone recently tried to compile rssh?  Any luck with the newer 
cygwin dll and packages?

John M. Lauck
--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Has anyone recently tried to compile rssh?

[John M Lauck]

I tried to compile rssh and I get errors about wordexp().  I thought 
wordexp() was included in the newest version of cygwin.

John M. Lauck
Christopher Faylor wrote:
On Wed, Feb 02, 2005 at 04:28:07PM -0500, John M Lauck wrote:
Has anyone recently tried to compile rssh?  Any luck with the newer 
cygwin dll and packages?

I think the newer one works good.  The older one was real crap.

--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

wordexp cygwin dll 1.5.12-1

[John M Lauck]

Can someone explain the existence of wordexp.h in /usr/include in the 
latest version of Cygwin?  I understand that the header file exists and 
as far as I can tell bash has the --wordexp feature (as required in the 
header).  Is wordexp() compiled into the latest version of cygwin or not?

John M. Lauck
--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/

Re: Chrooted OpenSSH for Windows (rssh sftp cygwin)

[john m lauck]

Thanks, Christian!
I actually got the chrooted sftp session to *work* (! shell commands 
still work).  I made these changes:

--
chroot /cygdrive/c/StudentsShare /usr/sbin/sftp-server
--
Basically, I removed the 'exec' from the chroot call.  I thought maybe 
there were insufficient dll's in the chroot C:\StudentsShare.  I copied 
all the local files from the /usr, /bin and /etc folders to my chroot 
and still had the same problem with including the 'exec'.  Does anyone 
know how the exec effects chroot call?  I dont understand how the exec 
makes it more secure by replacing the current script process.
However, this doesn't stop a user from entering a ! command at the sftp 
prompt.  I had some luck setting file privileges/ownership but that 
seems like a dangerous move to chmod/chown all the files outside of 
C:\StudentsShare.

Any ideas are welcome.
Also (in response to Christian Weinberger), I only need SFTP protocol 2.
I prefer to stick to SFTP just because it's easier to transfer a group 
of files and manipulate folders etc.

With time permitting for my project I may give scponly a try.
Christian Weinberger wrote:
John M. L. john at recaffeinated.com writes:
I've been trying to implement an sftp server using OpenSSH for Windows
(http://sshwindows.sourceforge.net).  I haven't found much recent discussion
on th topic of running OpenSSH in a chrooted jail on cygwin, but the
following messages from a year ago have shed some light on the topic:

I solved exactly the same problem using scponly 
(http://www.sublimation.org/scponly/)
.
The current version compiles easily under recent Cygwin releases.
You only have to modify the Makefile to include some libraries explicitly.

Id always try to have a binary as a chroot stub and not a shell script. If you 
use a shell script, you need bash and several supplemental programs in the 
chroot jail which all may contain security leaks.

The tool that I used has a make option to prepare the chroot jail. It copies 
all required files to the jail. So you may learn from it even if you decide to 
stay with rssh.

Youve to make another decision:
Do you only need to support sftp protocol version 2 or also older versions.
In the first case it should be sufficient to have sftp-server.exe in the chroot 
jail (plus a passwd  group). In the second case, youll need to have things 
like bash, ls, rm and others again.

Hope this helps a bit!
Christian


--
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
Problem reports:   http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ:   http://cygwin.com/faq/