- djm@cvs.openbsd.org 2008/02/08 23:24:07

[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
author: Damien Miller <djm@mindrot.org> 2008-02-10 22:40:12 +1100
committer: Damien Miller <djm@mindrot.org> 2008-02-10 22:40:12 +1100
commit: d8cb1f184f9acaae02bb4d15ce1e00ffbeeeac88 (patch)
tree: fb0100a74a6c870e835706aa487b54500510c5e1 /sshd_config.5
parent: dfc24258a75a06ea8a3f56d99d3669e1a012a1dc (diff)
1 files changed, 52 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index aa6720dc3..2f83bf2e1 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.79 2008/01/01 09:27:33 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.80 2008/02/08 23:24:07 djm Exp $
-.Dd $Mdocdate: January 1 2008 $
+.Dd $Mdocdate: February 8 2008 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -173,6 +173,45 @@ All authentication styles from
 are supported.
 The default is
 .Dq yes .
+.It Cm ChrootDirectory
+Specifies a path to
+.Xr chroot 2
+to after authentication.
+This path, and all its components, must be root-owned directories that are
+not writable by any other user or group.
+.Pp
+The path may contain the following tokens that are expanded at runtime once
+the connecting user has been authenticated: %% is replaced by a literal '%',
+%h is replaced by the home directory of the user being authenticated, and
+%u is replaced by the username of that user.
+.Pp
+The
+.Cm ChrootDirectory
+must contain the necessary files and directories to support the
+users' session.
+For an interactive session this requires at least a shell, typically
+.Xr sh 1 ,
+and basic
+.Pa /dev
+nodes such as
+.Xr null 4 ,
+.Xr zero 4 ,
+.Xr stdin 4 ,
+.Xr stdout 4 ,
+.Xr stderr 4 ,
+.Xr arandom 4
+and
+.Xr tty 4
+devices.
+For file transfer sessions using
+.Dq sftp ,
+no additional configuration of the environment is necessary if the
+in-process sftp server is used (see
+.Cm Subsystem
+for details.
+.Pp
+The default is not to
+.Xr chroot 2 .
 .It Cm Ciphers
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
@@ -740,11 +779,22 @@ The default is
 Configures an external subsystem (e.g. file transfer daemon).
 Arguments should be a subsystem name and a command (with optional arguments)
 to execute upon subsystem request.
+.Pp
 The command
 .Xr sftp-server 8
 implements the
 .Dq sftp
 file transfer subsystem.
+.Pp
+Alternately the name
+.Dq internal-sftp
+implements an in-process
+.Dq sftp
+server.
+This may simplify configurations using
+.Cm ChrootDirectory
+to force a different filesystem root on clients.
+.Pp
 By default no subsystems are defined.
 Note that this option applies to protocol version 2 only.
 .It Cm SyslogFacility
author	Damien Miller <djm@mindrot.org>	2008-02-10 22:40:12 +1100
committer	Damien Miller <djm@mindrot.org>	2008-02-10 22:40:12 +1100
commit	d8cb1f184f9acaae02bb4d15ce1e00ffbeeeac88 (patch)
tree	fb0100a74a6c870e835706aa487b54500510c5e1 /sshd_config.5
parent	dfc24258a75a06ea8a3f56d99d3669e1a012a1dc (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index aa6720dc3..2f83bf2e1 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.79 2008/01/01 09:27:33 dtucker Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.80 2008/02/08 23:24:07 djm Exp $
38	.Dd $Mdocdate: January 1 2008 $	38	.Dd $Mdocdate: February 8 2008 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -173,6 +173,45 @@ All authentication styles from
173	are supported.	173	are supported.
174	The default is	174	The default is
175	.Dq yes .	175	.Dq yes .
		176	.It Cm ChrootDirectory
		177	Specifies a path to
		178	.Xr chroot 2
		179	to after authentication.
		180	This path, and all its components, must be root-owned directories that are
		181	not writable by any other user or group.
		182	.Pp
		183	The path may contain the following tokens that are expanded at runtime once
		184	the connecting user has been authenticated: %% is replaced by a literal '%',
		185	%h is replaced by the home directory of the user being authenticated, and
		186	%u is replaced by the username of that user.
		187	.Pp
		188	The
		189	.Cm ChrootDirectory
		190	must contain the necessary files and directories to support the
		191	users' session.
		192	For an interactive session this requires at least a shell, typically
		193	.Xr sh 1 ,
		194	and basic
		195	.Pa /dev
		196	nodes such as
		197	.Xr null 4 ,
		198	.Xr zero 4 ,
		199	.Xr stdin 4 ,
		200	.Xr stdout 4 ,
		201	.Xr stderr 4 ,
		202	.Xr arandom 4
		203	and
		204	.Xr tty 4
		205	devices.
		206	For file transfer sessions using
		207	.Dq sftp ,
		208	no additional configuration of the environment is necessary if the
		209	in-process sftp server is used (see
		210	.Cm Subsystem
		211	for details.
		212	.Pp
		213	The default is not to
		214	.Xr chroot 2 .
176	.It Cm Ciphers	215	.It Cm Ciphers
177	Specifies the ciphers allowed for protocol version 2.	216	Specifies the ciphers allowed for protocol version 2.
178	Multiple ciphers must be comma-separated.	217	Multiple ciphers must be comma-separated.
@@ -740,11 +779,22 @@ The default is
740	Configures an external subsystem (e.g. file transfer daemon).	779	Configures an external subsystem (e.g. file transfer daemon).
741	Arguments should be a subsystem name and a command (with optional arguments)	780	Arguments should be a subsystem name and a command (with optional arguments)
742	to execute upon subsystem request.	781	to execute upon subsystem request.
		782	.Pp
743	The command	783	The command
744	.Xr sftp-server 8	784	.Xr sftp-server 8
745	implements the	785	implements the
746	.Dq sftp	786	.Dq sftp
747	file transfer subsystem.	787	file transfer subsystem.
		788	.Pp
		789	Alternately the name
		790	.Dq internal-sftp
		791	implements an in-process
		792	.Dq sftp
		793	server.
		794	This may simplify configurations using
		795	.Cm ChrootDirectory
		796	to force a different filesystem root on clients.
		797	.Pp
748	By default no subsystems are defined.	798	By default no subsystems are defined.
749	Note that this option applies to protocol version 2 only.	799	Note that this option applies to protocol version 2 only.
750	.It Cm SyslogFacility	800	.It Cm SyslogFacility