From owner-freebsd-questions Fri Oct 11 1:43:43 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C926937B406 for ; Fri, 11 Oct 2002 01:43:39 -0700 (PDT) Received: from smtp-relay1.noc.dsvr.net (smtp-relay02.tc.dsvr.net [212.69.192.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF39243EB2 for ; Fri, 11 Oct 2002 01:43:38 -0700 (PDT) (envelope-from james@stealthnet.co.uk) Received: from [212.69.208.113] (helo=stealthnet.co.uk) by smtp-relay1.noc.dsvr.net with esmtp (Exim 3.34 #1) id 17zvOQ-0003CH-00; Fri, 11 Oct 2002 09:43:34 +0100 Received: from stealthnet.co.uk (stealthn.gotadsl.co.uk [81.6.250.189]) by stealthnet.co.uk (8.11.6/8.11.6) with ESMTP id g9B8hYH00933; Fri, 11 Oct 2002 09:43:34 +0100 Message-ID: <3DA68FAE.9050204@stealthnet.co.uk> Date: Fri, 11 Oct 2002 09:45:34 +0100 From: James Green User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jason Morgan Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SSH/FTP Access References: <200210100428.g9A4SGU20412@mx.datasync.com> <20021010153155.GB80376@sentinelchicken.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jason Morgan wrote: > On Wed, Oct 09, 2002 at 11:28:16PM -0500, DiaDems@Datasync.com wrote: > >>Just wondering is there a way to limit SSH access (when adding a user or period) so that user can only use SSH to access or effect their home directory? > > With ssh2 you can use chroot to limit access to other dirs. In your config: > > ChRootUsers user1,user2,user3 > > you can also restric groups the same way: > > ChRootGroups group1,group2,group3 > > Just don't forget to hardlink any system files into their directories so they can actually use their accounts. > > Note: I've never done this myself and I just pulled the 'how-to' from O'Reilly's SSH book. This is a great resource, > and I recommend you get a copy. Just occassionally, the kind souls on freebsd-users come up with real gems of information. Thank you, I've been looking for a solution like this for weeks! James To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message