Derek Martin wrote:
> I will say I wrote rssh in part because I thought Joe's approach to
> scponly was more complicated and hard to audit

I did stop using rssh as whenever I tried to access ~ on the remote end it would cause an error message that /chroot/home/user didn't exist; which, of course, it doesn't from within the chroot. Whereas scponly would reject ~ with an error regarding wildcards, which was less confusing for users.

However! This thread has just made me realise that a symlink inside the chroot linking /chroot/chroot to /chroot (or rather chroot to . within /chroot) means that rssh works perfectly again! So I've gone back to using it again! :)

I did consider modifying rssh so that it substitutes the user's home path from the chroot's passwd file for ~ but that may not be appropriate for all circumstances and the symlink is easy enough to implement.

Take care,

Ben
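
The symlink workaround described in the message above, as an added example that is not part of the original post or of rssh. It assumes a jail directory named chroot and uses a temporary directory in place of a real chroot so it runs unprivileged; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for the real jail at /chroot.
# No chroot(2) call is made, so no root privileges are needed.

# add_self_link JAIL: create JAIL/<basename of JAIL> -> "." so that the
# outside-view path (e.g. /chroot/home/user) also resolves inside the jail.
add_self_link() {
    jail=$1
    name=$(basename "$jail")
    # Relative target: "." is resolved against the directory holding the
    # link, so it names the jail root both inside and outside the chroot.
    [ -L "$jail/$name" ] || ln -s . "$jail/$name"
}

# resolves_in_jail JAIL PATH: succeed if absolute PATH, as a chrooted
# process would request it, names an existing directory under JAIL.
resolves_in_jail() {
    [ -d "$1$2" ]
}

# same_dir A B: succeed if both paths resolve to the same physical directory.
same_dir() {
    [ "$(cd "$1" && pwd -P)" = "$(cd "$2" && pwd -P)" ]
}

# demo: show the failure before the link exists and the fix afterwards.
demo() {
    tmp=$(mktemp -d) || return 1
    root=$tmp/chroot
    mkdir -p "$root/home/user"
    # Before: the home path from the host's passwd entry is missing in the jail.
    resolves_in_jail "$root" /chroot/home/user && { rm -rf "$tmp"; return 1; }
    add_self_link "$root"
    # After: the same path resolves, and it is the real home directory.
    resolves_in_jail "$root" /chroot/home/user &&
        same_dir "$root/chroot/home/user" "$root/home/user"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo && echo "ok: /chroot/home/user resolves inside the jail"
```
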
