Thanks for this guide. I just used it to get a chrooted rssh server up on Gutsy (that is, Ubuntu 7.10).
I do have a couple questions, though.
For instance, what if I allow some chrooted and some non-chrooted users on my system, and maybe some of those non-chrooted users will have full ssh access. Will the non-chrooted users be able to exploit the suid'd rssh_chroot_helper to escalate privileges?
...Interestingly, when I followed the link that mtegmont provided above, I found the following:
So I followed that link, and found the following:Originally Posted by http://zephid.dk/2007/11/20/getting-the-power-of-sftp-chroot-in-debian/
So, it looks to me like an even better solution than this howto is on the horizon, once we get OpenSSH 4.9 in Ubuntu. (Please someone correct me if I'm mistaken.)Originally Posted by http://www.minstrel.org.uk/papers/sftp/
However, it appears to me that even Hardy (Ubuntu 8.04) is still using OpenSSH 4.7.
I guess that's not surprising, though, since OpenSSH 4.9 was only released on March 30, 2008, which was not long before Hardy. I suppose we'll see OpenSSH 5.0 (or later) in Intrepid (Ubuntu 8.10).