Please change the titles to scponly: init at 4.8

@SuperSandro2000 done, thanks!

This is a semi-automatic executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch)
If you find some bugs or got suggestions for further things to search or run please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109452 run on x86_64-linux 1

@wmertens aren't you supposed to add shellPath to passthru?

Also, this is pretty old software now... is it secure?

Ah, I didn't know about shellPath, I just used the direct path to the shell. Indeed, added now.

As for security - I could only find CVEs for previous versions and it's still used in Ubuntu, so I reasoned that it is more secure than not having anything. At worst you get shell access, which is only marginally more than just having scp access.

@wmertens awesome! I would love to use this then. What problems did you have with chroot, because that would be great to have working.

@aanderse I tried the following steps:

• enabling it with the --enable-chrooted-binary config flag
• adding a suid wrapper
• using the suid wrapper as the shell

It didn't seem to make a difference, I was still able to see outside the home directory. Perhaps I was missing a step. I was also wondering if perhaps systemd could provide some sort of user jail but I couldn't find anything.

@wmertens that is too bad. Sounds like it would require some debugging to figure that out. Oh well 🤷‍♂️

Thanks!

Can this be merged? I can't really tell if the discussions are a merge blocker.

This is a semi-automatic executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch)
If you find some bugs or got suggestions for further things to search or run please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109452 run on x86_64-linux 1

No problems here. Anything I'm talking about could be implemented in a future PR, if ever.