+++ This bug was initially created as a clone of Bug #440043 +++ From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre) Gecko/2008030315 Red Hat/3.0b4pre-0.beta3.4.el5 Minefield/3.0b4pre Description of problem: Customer is requesting, for security reasons, that we add chroot capability to our sshd server, more specifically for sftp. Upstream OpenSSH software version 4.9 recently incorporated this feature. See release notes and man pages: http://openssh.org/txt/release-4.9 http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config Can we backport this feature into our current version of the openssh-server package for RHEL? Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Use of current OpenSSH RHEL software Actual Results: No chroot environment built in configuration options. Expected Results: An openssh-server capable of built in chroot configuration options. Additional info: -- Additional comment from tmraz on 2008-04-02 07:42 EST -- Given the state of maintenance of RHEL-4 I am not sure this is appropriate feature for backport. It would also have to be backported to RHEL-5 first so we wouldn't regress feature-wise.
What is the state of this enhancement bug ? It could be nice to have the chroot feature.
This feature is being implemented. If everything goes well it should appear in the RHEL 5.4 update package.
A little precision, because there's no package version, a recent version (or backport of some parts) is necessary to be able to log informations when using this function. Version 5.2p1 seems necessary, some informations here : https://bugzilla.mindrot.org/show_bug.cgi?id=1527 Regards,
This bug is repaired in Rawhide, not in upstream. While the fix will not be well tested, I don't want it in RHEL.
I've meant broken logging in last reply.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1287.html