[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[xougen] Re: [Gnu-arch-users] Savannah sftp broken again!
From: |
Ethan Benson |
Subject: |
[xougen] Re: [Gnu-arch-users] Savannah sftp broken again! |
Date: |
Tue, 16 Sep 2003 11:15:52 -0000 |
User-agent: |
Mutt/1.3.28i |
On Tue, Sep 16, 2003 at 01:38:59AM -0700, Jonathan Walther wrote:
>
> Someone switched the sshd configuration to use the so-called "chroot"
> version of the sftp subsystem. This does not work, it has never worked,
> and it CANNOT work. Any project that wants to have an arch repository
> needs it to work, including my project.
>
> sftp has never yet been compromised, and the version of ssh on Savannah
> is up to date. The directory permissions are set correctly. What is to
> worry about? Noone is able to access anything with sftp they cannot
> ALREADY access with ssh.
let me get this straight...
savannah users (those who are registered, have valid accounts etc) get
a normal full ssh shell account on this machine, not chrooted. sftp
only allows connections from these same authenticated real accounts
(no `anonymous'), and yet sftp is being chrooted?
as a sysadmin myself, ill state that this makes no sense. sftp is
only available to the same users who already have a full shell, there
is no additional threat from it that is not already present by
allowing shell access.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpr8aTWFDL1x.pgp
Description: PGP signature
- [xougen] Re: [Gnu-arch-users] Savannah sftp broken again!,
Ethan Benson <=