Damien Miller wrote:
> No, letting users chroot to arbitrary directories introduces
> serious security problems. Think about hard-linking /bin/su into
> a chroot on the same filesystem where an attacker has filled in
> a friendly /etc/passwd.


OK, so adding a chrootdir option to authorized keys is a bad idea.

Another way to achieve my objective, which is additional sftp file
access restrictions to connections authorized with certain keys, would
be to modify sftp-server to accept a directory parameter. The
authorized_keys file could then have a 'command="sftp-server -d
/home/user/stuff"' option to restrict access to /home/user/stuff.

Could this be made secure so that if an attacker has a copy of the
(passwordless) private key, he would not be able to access files outside
the given directory?

Teemu
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
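
An added example (not part of the original message and not OpenSSH code) of the check a directory-restricted sftp-server would need on every client-supplied path: resolve `..` and symlinks first, then compare against the allowed root on a component boundary. `path_is_confined` and `run_demo` are hypothetical names, and the directory tree is constructed in a temp dir for the demo.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not an OpenSSH function): returns 1 only if `path`,
 * once ".." and symlinks are resolved, lies at or below `root`. */
int path_is_confined(const char *root, const char *path)
{
    char r[PATH_MAX], p[PATH_MAX];
    size_t n;

    if (!realpath(root, r) || !realpath(path, p))
        return 0;                          /* unresolvable: refuse */
    n = strlen(r);
    if (n == 1)
        return 1;                          /* root is "/" */
    if (strncmp(r, p, n) != 0)
        return 0;
    /* Component boundary: ".../stuff2" must not match root ".../stuff". */
    return p[n] == '\0' || p[n] == '/';
}

/* Builds a constructed tree in a temp dir and returns one bit per probe. */
int run_demo(void)
{
    char base[] = "/tmp/confineXXXXXX", root[PATH_MAX], buf[PATH_MAX];
    const char *probe[] = { "stuff/file.txt", "stuff/../stuff2/secret",
                            "stuff2/secret", "stuff/link/secret" };
    int i, mask = 0;
    FILE *f;

    if (!mkdtemp(base) || chdir(base) != 0)
        return -1;
    if (mkdir("stuff", 0700) != 0 || mkdir("stuff2", 0700) != 0)
        return -1;
    if ((f = fopen("stuff/file.txt", "w"))) fclose(f);
    if ((f = fopen("stuff2/secret", "w"))) fclose(f);
    if (symlink("../stuff2", "stuff/link") != 0)   /* link inside root, target outside */
        return -1;
    snprintf(root, sizeof root, "%s/stuff", base);
    for (i = 0; i < 4; i++) {
        snprintf(buf, sizeof buf, "%s/%s", base, probe[i]);
        mask |= path_is_confined(root, buf) << i;
    }
    return mask;                           /* bit i set = probe i accepted */
}

int main(void) { printf("mask=%d\n", run_demo()); return 0; }
```

The check and the later open() are separate steps, so a path component replaced by a symlink in between defeats it, and the check has to cover every request that takes a path.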