EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH Shell Question

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#4644
Posted: 01/03/2008 16:49:09
by Tony Caduto (Basic support level)
Joined: 12/31/2007
Posts: 23

Hi,
Is there a way to chroot the user to a certain directory when they login and use the shell access?
I want to allow SFTP and shell access, but only to the users virtual home directory.

Thanks,

Tony
#4645
Posted: 01/03/2008 17:00:43
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

With SFTP it's simple, because you are controlling all the file operations with SFTP server.
But with shell access it doesn't seem to be an easy task, you should need to write your own shell, or run another chroot-et shell. It depends, which operations your users should be able to perform in shell.
#4646
Posted: 01/03/2008 17:37:02
by Tony Caduto (Basic support level)
Joined: 12/31/2007
Posts: 23

The registered version comes with the source for the shell right? If so I could modify that to my needs correct?
#4652
Posted: 01/04/2008 02:59:59
by Eugene Mayevski (EldoS Corp.)

Yes, the registered version comes with source. I'd suggest that you use the source as a guide for creating your own handler and not modify the existing code. This is safer from update point of view.


Sincerely yours
Eugene Mayevski
#4655
Posted: 01/04/2008 09:22:47
by Tony Caduto (Basic support level)
Joined: 12/31/2007
Posts: 23

Hi Eugene,

Any chance of getting chroot/homedir support built in in the upcoming 6.x version?
It would also be nice to have a property where you could set the home dir and then have a boolean property called chroot. Now that would be really cool.

Thanks,

Tony
#4656
Posted: 01/04/2008 09:29:10
by Eugene Mayevski (EldoS Corp.)

Quote
Tony Caduto wrote:
Any chance of getting chroot/homedir support built in in the upcoming 6.x version?


No, sorry. This is way too specific requirement to implement it now. SSH Server was designed in the way that the user implements the subsystem handler the way s/he needs.


Sincerely yours
Eugene Mayevski
#4657
Posted: 01/04/2008 09:44:50
by Eugene Mayevski (EldoS Corp.)

BTW ... TElShellSSHSubsystemHandler is not available for Linux anyway. We implemented it only for VCL/Win32.


Sincerely yours
Eugene Mayevski
#4661
Posted: 01/04/2008 13:37:07
by Tony Caduto (Basic support level)
Joined: 12/31/2007
Posts: 23

Can't a new one be created that works on linux? or does it use a lot of win32 specific API calls?
If it's using VCL functions it should work with some modification for the Linux File system right?

What about the .net version, will that shell handler work on Mono on Linux?

Thanks,

Tony


#4662
Posted: 01/04/2008 14:02:49
by Eugene Mayevski (EldoS Corp.)

Current implementation of Shell Subsystem just calls cmd.exe (or whatever other shell you provide) and redirects input and output. The whole handler code is about 150 lines of code, all of which are Win32-specific. I.e. we would need to create another implementation specifically for Linux. As you have special requirements for such handler anyway (and you are the first person to ask for shell handler on linux), I feel that you will implement such handler faster than we. Don't get me wrong, - we implement most user requests, but with a pending list of over 70 to-do items we can't make a handler for you right now.


Sincerely yours
Eugene Mayevski
#32124
Posted: 02/06/2015 07:09:03
by Michel Demierre (Standard support level)
Joined: 02/13/2013
Posts: 1

Hi Eugene,

This thread is quite old but... I successfully use the TElShellSSHSubsystemHandler on Windows and now I also need it for Linux (Debian 7.x).

Is it planned to implement it on Linux ?
Or is it possible to get your code for the Windows to quickly adapt it for Linux ?

Best regards,
M. Demierre
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 2895 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!