[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[xougen] Re: [Gnu-arch-users] Savannah sftp broken again!
|
From: |
Mathieu Roy |
|
Subject: |
[xougen] Re: [Gnu-arch-users] Savannah sftp broken again! |
|
Date: |
Tue, 16 Sep 2003 11:47:05 -0000 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 |
Ethan Benson <address@hidden> said:
> On Tue, Sep 16, 2003 at 01:38:59AM -0700, Jonathan Walther wrote:
> >
> > Someone switched the sshd configuration to use the so-called "chroot"
> > version of the sftp subsystem. This does not work, it has never worked,
> > and it CANNOT work. Any project that wants to have an arch repository
> > needs it to work, including my project.
> >
> > sftp has never yet been compromised, and the version of ssh on Savannah
> > is up to date. The directory permissions are set correctly. What is to
> > worry about? Noone is able to access anything with sftp they cannot
> > ALREADY access with ssh.
>
> let me get this straight...
>
> savannah users (those who are registered, have valid accounts etc) get
> a normal full ssh shell account on this machine, not chrooted. sftp
> only allows connections from these same authenticated real accounts
> (no `anonymous'), and yet sftp is being chrooted?
>
> as a sysadmin myself, ill state that this makes no sense. sftp is
> only available to the same users who already have a full shell, there
> is no additional threat from it that is not already present by
> allowing shell access.
I'm not able to post address@hidden and
address@hidden (non member of the list), so please forward
my mail.
savannah users does not have full shell ssh account. Please read the
Savannah documentation.
--
Mathieu Roy
Homepage:
http://yeupou.coleumes.org
Not a native english speaker:
http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english