Red Hat Bugzilla – Bug 440240
request to add chroot sftp capabilty into openssh-server
Last modified: 2010-10-22 19:41:30 EDT
+++ This bug was initially created as a clone of Bug #440043 +++
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre)
Gecko/2008030315 Red Hat/3.0b4pre-0.beta3.4.el5 Minefield/3.0b4pre
Description of problem:
Customer is requesting, for security reasons, that we add chroot capability to
our sshd server, more specifically for sftp.
Upstream OpenSSH software version 4.9 recently incorporated this feature.
See release notes and man pages:
Can we backport this feature into our current version of the openssh-server
package for RHEL?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Use of current OpenSSH RHEL software
No chroot environment built in configuration options.
An openssh-server capable of built in chroot configuration options.
-- Additional comment from email@example.com on 2008-04-02 07:42 EST --
Given the state of maintenance of RHEL-4 I am not sure this is appropriate
feature for backport. It would also have to be backported to RHEL-5 first so we
wouldn't regress feature-wise.
What is the state of this enhancement bug ?
It could be nice to have the chroot feature.
This feature is being implemented. If everything goes well it should appear in the RHEL 5.4 update package.
A little precision, because there's no package version, a recent version (or backport of some parts) is necessary to be able to log informations when using this function.
Version 5.2p1 seems necessary, some informations here :
This bug is repaired in Rawhide, not in upstream. While the fix will not be well tested, I don't want it in RHEL.
I've meant broken logging in last reply.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.