From owner-freebsd-security@FreeBSD.ORG  Tue Dec 21 16:50:29 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0CCCF16A4CE
	for <freebsd-security@freebsd.org>;
	Tue, 21 Dec 2004 16:50:29 +0000 (GMT)
Received: from serv03.inetworx.ch (serv03.inetworx.ch [193.17.199.23])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 77D9F43D1F
	for <freebsd-security@freebsd.org>;
	Tue, 21 Dec 2004 16:50:28 +0000 (GMT)	(envelope-from dev@eth0.ch)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by serv03.inetworx.ch (Postfix) with ESMTP id 036D5252D6E
	for <freebsd-security@freebsd.org>;
	Tue, 21 Dec 2004 17:50:27 +0100 (CET)
Received: from serv03.inetworx.ch ([127.0.0.1])
 by localhost (serv03.inetworx.ch [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 17867-02-6 for <freebsd-security@freebsd.org>;
 Tue, 21 Dec 2004 17:50:26 +0100 (CET)
Received: from www.inetworx.ch (serv04.inetworx.ch [193.17.199.24])
	by serv03.inetworx.ch (Postfix) with ESMTP id BE150252D63
	for <freebsd-security@freebsd.org>;
	Tue, 21 Dec 2004 17:50:26 +0100 (CET)
Received: from 217.162.71.141
        (SquirrelMail authenticated user dev.eth0);
        by www.inetworx.ch with HTTP;
        Tue, 21 Dec 2004 17:50:26 +0100 (CET)
Message-ID: <1703.217.162.71.141.1103647826.squirrel@217.162.71.141>
In-Reply-To: <993621639.20041221143348@wilbury.sk>
References: <6.2.0.14.2.20041220142255.06260ca0@localhost>
    <20041220212304.GV792@sourcefire.com>
    <6.2.0.14.2.20041220145924.0624c328@localhost>
    <20041220221928.GA2698@sourcefire.com>
    <993621639.20041221143348@wilbury.sk>
Date: Tue, 21 Dec 2004 17:50:26 +0100 (CET)
From: "David E. Meier" <dev@eth0.ch>
To: freebsd-security@freebsd.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: by amavisd-new at inetworx.ch
Subject: Re: Re[2]: chroot-ing users coming in via SSH and/or SFTP?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Dec 2004 16:50:29 -0000

>
> maybe somebody should port this:
>
> http://chrootssh.sourceforge.net/index.php
>
> it seems good :-)

Just go to /usr/ports/security/openssh-portable and run:

# make –DWITH_OPENSSH_CHROOT install

The portable version of OpenSSH contains this patch already.

Dave