Finally managed to create a jailed SFTP server, but how secure?
Wed Dec 3 00:00:00 GMT 2008
Many thanks for all your responses so far and I apologize if I
seem to be very persistent with my questions in this thread.
Maybe it's my fault to pose a such general question. Maybe I should
be more specific in my questions, asking many smaller targeted
questions instead of one big one.
- Why does internal-sftp subsystem creates /cygdrive inside the
- Who creates it? sshd or internal-sftp?
- Why /cygdrive is needed in the jailed environment?
- What harm can one do via /cygdrive eventhough it looks empty?
- Is it possible to hide it in the jailed environment? How?
- internal-sftp seems to have visibility outside the jail directory
as it can list the owner and group name of the objects inside the
jail directory although I haven't copied /etc/passwd and /etc/group
to the jailed directory.
How can this be possible?
- If I log on using public key authentication, sshd with its internal-
sftp embedded in it runs using sshd account (correct me if I'm
wrong here). But how can it read/write to a directory which does not
belong to that account and from which I revoked group and other r/w
- etc etc
Maybe if I know the answer to some of these puzzles, I would be able
to figure out better what kind of security I can expect from SFTP on
Do you think I'd better start 2-3 new threads with specific questions in
each? Or shall I just carry on with this thread.
Your suggestions are always more than welcome in this quest.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
More information about the Cygwin