System details:
RHEL 4.5
openssh-3.9p1-8.RHEL4.20.src.rpm
vsftpd-2.0.1-6.el4.src.rpm
This is an FTP server; all users have been jailed to '/home/jail/home/$username', using Wolfgang Fuschlberger's script:
http://www.fuschlberger.net/programs...p-chroot-jail/
The users connect via SFTP; however, they are able to cd up to '/home/jailed/' so I decided to also chroot them into their home directories, to prohibit them from cding up from '/home/jail/home/$username'.
Snippet of my /etc/vsftpd/vsftpd.conf containing relevant directives regarding chroot:
chroot_list_enable=YES
chroot_local_user=NO
chroot_list_file=/etc/vsftpd.chroot_list
This is supposed to chroot users into their home. However, I wasn't seeing any changes upon reloading the vsftpd daemon. I made the changes a few times and nothing ... things were still the same; although users were jailed, they were not being chrooted; they could still cd up to '/home/jail/'. Eventually I noticed, by pure accident, that I could still connect to the FTP server even when vsftpd was stopped!!
I was baffled!
I found this directive in my /etc/ssh/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server
Question:
- Does it mean that openssh is directly handling SFTP connections?
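
Added example, not part of the original post: a small Python check that reads the two configurations quoted above, evaluates vsftpd's chroot directives for a given user, and reports which daemon's configuration governs an FTP or an SFTP session. The user names and the chroot list contents are assumptions made for illustration.

```python
# Added example. Both config texts are constructed from the lines quoted in the post.
VSFTPD_CONF = """\
chroot_list_enable=YES
chroot_local_user=NO
chroot_list_file=/etc/vsftpd.chroot_list
"""
SSHD_CONFIG = """\
# constructed sample sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server
"""

def parse_vsftpd(text):
    """Parse vsftpd.conf 'key=value' lines into a dict, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def vsftpd_chroots(opts, user, listed_users):
    """True if vsftpd would chroot this local user for an FTP login."""
    chroot_all = opts.get("chroot_local_user", "NO").upper() == "YES"
    use_list = opts.get("chroot_list_enable", "NO").upper() == "YES"
    if not use_list:
        return chroot_all
    # With the list enabled, listed users get the opposite of the default.
    return (user in listed_users) != chroot_all

def sftp_subsystem(text):
    """Return the sftp subsystem command from sshd_config, or None."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "subsystem" and parts[1] == "sftp":
            return parts[2]
    return None

def serving_daemon(protocol, sshd_text):
    """Name the daemon whose configuration governs a session of this protocol."""
    if protocol == "sftp":
        return "sshd" if sftp_subsystem(sshd_text) else None
    if protocol == "ftp":
        return "vsftpd"
    raise ValueError("unknown protocol: " + protocol)

if __name__ == "__main__":
    opts = parse_vsftpd(VSFTPD_CONF)
    listed = {"alice"}  # hypothetical contents of /etc/vsftpd.chroot_list
    for user in ("alice", "bob"):
        print(user, "chrooted by vsftpd over FTP:", vsftpd_chroots(opts, user, listed))
    print("SFTP sessions are governed by:", serving_daemon("sftp", SSHD_CONFIG))
```

With the quoted settings, vsftpd chroots only the users named in the list file, and only for FTP logins; a session started through the sshd `Subsystem sftp` line never reads vsftpd.conf.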