From owner-freebsd-security  Thu Aug 15 23:35:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 714C337B400
	for <security@freebsd.org>; Thu, 15 Aug 2002 23:35:22 -0700 (PDT)
Received: from argus.volker.de (pD9504DC4.dip.t-dialin.net [217.80.77.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CBC2643E65
	for <security@freebsd.org>; Thu, 15 Aug 2002 23:35:15 -0700 (PDT)
	(envelope-from freebsd@secspace.de)
Received: from argus.volker.de (localhost [127.0.0.1])
	by argus.volker.de (8.12.5/8.12.5) with SMTP id g7G6Z4fx000260
	for <security@freebsd.org>; Fri, 16 Aug 2002 08:35:05 +0200 (CEST)
	(envelope-from freebsd@secspace.de)
Date: Fri, 16 Aug 2002 08:35:04 +0200
From: Volker Kindermann <freebsd@secspace.de>
To: security@freebsd.org
Subject: Re: Chroot environment for ssh
Message-Id: <20020816083504.4b6906eb.freebsd@secspace.de>
In-Reply-To: <20020815180211.GC91830@juno.paeps.cx>
References: <20020815134341.GO1144@juno.paeps.cx>
	<20020815160102.11f7c27b.freebsd@secspace.de>
	<20020815173540.GB91830@juno.paeps.cx>
	<20020815180211.GC91830@juno.paeps.cx>
X-Mailer: Sylpheed version 0.8.1claws (GTK+ 1.2.10; i386-portbld-freebsd4.6)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> > > scponly has a chroot-Mode but the setup is a little tricky.
> > 
> > As long as it's not too burdensome to create new chrooted users, I'm
> > perfectly happy with it :-)
> 
> This bit is still causing me a minor headache.  The chroot script
> needs a bit of hacking before it a) works properly on FreeBSD, b)
> works good enough to be called from adduser or similar.
> 
> When I'm done with that fix I think I might as well submit it as a
> port.  I think it would do well in the ports collection!

I had some contact with the author some time ago and I think he'll be
glad to help you if you get problems. He develops on OpenBSD. 

A scponly-port is a great idea.

 -volker

-- 
Please don't cc me: I read the lists and don't need your message twice
:-)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message