Secure Shell
Chroot: sshd bug ? user redirects to root folder. Feb 27 2011 04:21PM
Riccardo Castellani (ric castellani alice it) (2 replies)
Re: Chroot: sshd bug ? user redirects to root folder. Feb 28 2011 10:18AM
Raja (raja1 it consultant gmail com)
Re: Chroot: sshd bug ? user redirects to root folder. Feb 27 2011 05:45PM
Dennis Nasarov (nasarov gmail com) (1 replies)
Re: Chroot: sshd bug ? user redirects to root folder. Feb 27 2011 06:58PM
Riccardo Castellani (ric castellani alice it)
Is there no possibility to implement this mechanism?

----- Original Message -----
From: "Dennis Nasarov" <nasarov (at) gmail (dot) com [email concealed]>
To: "Riccardo Castellani" <ric.castellani (at) alice (dot) it [email concealed]>
Cc: <secureshell (at) securityfocus (dot) com [email concealed]>
Sent: Sunday, February 27, 2011 6:45 PM
Subject: Re: Chroot: sshd bug ? user redirects to root folder.

On Feb 27, 2011, at 5:21 PM, Riccardo Castellani wrote:

> I installed openssh-5.6p1 on my Fedora server and I run this service
> in chroot mode.
> I think I have found a BUG in this package, specifically in the sshd
> service:
>
> if a remote user tries to connect to this service and his home directory
> is inaccessible because it doesn't have the right permissions (the owner's
> execute permission is missing or the home directory is missing), he lands
> automatically in the root folder of the chroot.

It's not a bug, it's a feature ;) (c)

> I think sshd should deny this login, or at least sshd_config should
> contain an option to set this specific behaviour; for example, in
> Fedora distributions there is a "DEFAULT_HOME" option in the /etc/login.defs
> file to permit this behavior.

No.

> Yes, it's true, I can restrict access to specific users or use a PAM module,
> but for security reasons I need to make sure myself that access is restricted
> ONLY to the user's home folder.
> I could also use PAM modules, but only pam_mkhomedir.so is available,
> which creates the home folder if it does not exist; I need
> pam_homecheck.so, but it's available only as a package for OpenSuse.
> Suggestions?
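
One way to get the check asked for in this thread (deny the login when the home directory is missing or lacks the owner's execute bit), as an added example that is not part of the original messages: a script intended to be called from `pam_exec.so` in the account stack. The script path, the `CHROOT_DIR` variable and the reliance on GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed PAM hook (path is hypothetical):
#   account required pam_exec.so /usr/local/sbin/check_home.sh
# pam_exec exports PAM_USER; a non-zero exit makes the account phase fail,
# so the session is refused instead of starting in "/".

# check_home UID DIR
# Returns 0 if DIR is a real directory owned by UID with the owner's
# execute (search) bit set; 1 = missing or symlink, 2 = wrong owner,
# 3 = owner execute bit missing.
check_home() {
    want_uid=$1
    dir=$2
    # A symlinked home is rejected along with a missing one.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    owner=$(stat -c '%u' "$dir") || return 1    # GNU stat assumed
    [ "$owner" = "$want_uid" ] || return 2
    mode=$(stat -c '%a' "$dir") || return 1     # octal mode, e.g. 700
    # Owner bits are the third octal digit from the right; execute is bit 1.
    [ $(( (0$mode >> 6) & 1 )) -eq 1 ] || return 3
    return 0
}

# pam_check: look up the account named in PAM_USER and test its home.
# CHROOT_DIR is an assumed variable holding the jail prefix (empty if the
# passwd home path is already the real path on disk).
pam_check() {
    user=${PAM_USER:?PAM_USER not set}
    entry=$(getent passwd "$user") || return 1
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    check_home "$uid" "${CHROOT_DIR:-}$home"
}

# Only act when invoked by PAM (PAM_USER present); otherwise just define
# the functions so they can be sourced and tested.
[ -z "${PAM_USER:-}" ] || pam_check || exit 1
```

Each failure reason has its own return code, so a wrapper can log why a login was refused before exiting.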
