1 --- openssh-4.4p1/servconf.c.orig 2006-08-18 16:23:15.000000000 +0200
2 +++ openssh-4.4p1/servconf.c 2006-10-05 10:11:17.065971000 +0200
5 /* Portable-specific options */
9 + options->use_chroot = -1;
11 /* Standard Options */
12 options->num_ports = 0;
13 options->ports_from_cmdline = 0;
15 if (options->use_pam == -1)
18 + if (options->use_chroot == -1)
19 + options->use_chroot = 0;
21 /* Standard Options */
22 if (options->protocol == SSH_PROTO_UNKNOWN)
23 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
25 sBadOption, /* == unknown option */
26 /* Portable-specific options */
29 /* Standard Options */
30 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
31 sPermitRootLogin, sLogFacility, sLogLevel,
34 { "usepam", sUnsupported, SSHCFG_GLOBAL },
37 + { "usechroot", sUseChroot, SSHCFG_GLOBAL },
39 + { "usechroot", sUnsupported, SSHCFG_GLOBAL },
41 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
42 /* Standard Options */
43 { "port", sPort, SSHCFG_GLOBAL },
45 intptr = &options->use_pam;
49 + intptr = &options->use_chroot;
52 /* Standard Options */
55 --- openssh-3.7.1p2/servconf.h 2003-09-02 14:58:22.000000000 +0200
56 +++ openssh-3.7.1p2.pius/servconf.h 2003-10-07 20:49:08.000000000 +0200
58 int max_startups_rate;
60 char *banner; /* SSH-2 banner message */
61 + int use_chroot; /* Enable chrooted enviroment support */
63 int client_alive_interval; /*
64 * poke the client this often to
65 --- openssh-4.0p1/session.c.orig 2005-03-06 12:38:52.000000000 +0100
66 +++ openssh-4.0p1/session.c 2005-03-10 15:14:04.000000000 +0100
67 @@ -1258,6 +1258,10 @@
69 do_setusercontext(struct passwd *pw)
76 if (getuid() == 0 || geteuid() == 0)
77 #endif /* HAVE_CYGWIN */
78 @@ -1315,6 +1319,26 @@
83 + if (options.use_chroot) {
84 + user_dir = xstrdup(pw->pw_dir);
85 + new_root = user_dir + 1;
87 + while((new_root = strchr(new_root, '.')) != NULL) {
89 + if(strncmp(new_root, "/./", 3) == 0) {
93 + if(chroot(user_dir) != 0)
94 + fatal("Couldn't chroot to user directory %s", user_dir);
95 + pw->pw_dir = new_root;
104 * PAM credentials may take the form of supplementary groups.
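Review bot: `chroot(user_dir)` in this hunk is called on a path that the visible lines never validate, and no `chdir` is shown after it. A jail root that is not a root-owned directory, or that is writable by group or others, undermines the confinement, so check ownership and mode before the call (upstream's later `ChrootDirectory` option requires this of every path component) and follow the call with `chdir("/")` so the working directory cannot stay outside the new root if a later chdir to the home directory fails. Separately, `new_root = user_dir + 1` points past the terminator when `pw_dir` is an empty string, so the following `strchr` reads out of bounds; test `user_dir[0] != '\0'` first. Several lines of this hunk and the rest of do_setusercontext are not shown on this page, so confirm none of this is already handled there.

```c
	if (options.use_chroot) {
		/* … unchanged: copy pw_dir and scan for the "/./" marker … */
				/* needs a `struct stat st;` among the function's locals */
				/* only the final component is checked here; upstream checks each one */
				if (stat(user_dir, &st) != 0 || !S_ISDIR(st.st_mode))
					fatal("chroot path %s is not a directory", user_dir);
				if (st.st_uid != 0 || (st.st_mode & 022) != 0)
					fatal("bad ownership or modes for chroot directory %s", user_dir);
				if (chroot(user_dir) != 0)
					fatal("Couldn't chroot to user directory %s", user_dir);
				if (chdir("/") != 0)
					fatal("Couldn't chdir to / inside chroot %s", user_dir);
				pw->pw_dir = new_root;
```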
105 --- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
106 +++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
108 # bypass the setting of 'PasswordAuthentication'
111 +# Set this to 'yes' to enable support for chrooted user environment.
112 +# You must create such environment before you can use this feature.
115 #AllowTcpForwarding yes
118 --- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
119 +++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
121 To disable TCP keepalive messages, the value should be set to
125 + Specifies whether to use chroot-jail environment with ssh/sftp,
126 + i.e. restrict users to a particular area in the filesystem. This
127 + is done by setting user home directory to, for example,
128 + /path/to/chroot/./home/username. sshd looks for a '.' in the
129 + users home directory, then calls chroot(2) to whatever directory
130 + was before the . and continues with the normal ssh functionality.
131 + For this to work properly you have to create special chroot-jail
132 + environment in a /path/to/chroot directory.
134 UseDNS Specifies whether sshd(8) should look up the remote host name and
135 check that the resolved host name for the remote IP address maps
136 back to the very same IP address. The default is ``yes''.
137 --- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100
138 +++ openssh-3.8p1/sshd_config.5 2004-02-25 21:17:23.000000000 +0100
140 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
141 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
144 +Specifies whether to use chroot-jail environment with ssh/sftp, i.e. restrict
145 +users to a particular area in the filesystem. This is done by setting user
146 +home directory to, for example, /path/to/chroot/./home/username.
148 +looks for a '.' in the users home directory, then calls
150 +to whatever directory was before the . and continues with the normal ssh
151 +functionality. For this to work properly you have to create special chroot-jail
152 +environment in a /path/to/chroot directory.
154 Specifies whether the system should send TCP keepalive messages to the