Date: Wed, 4 May 2011 20:04:59 +0400
From: Peter Vereshagin
To: freebsd-questions@freebsd.org
Subject: Re: Limitting SSH access
Message-ID: <20110504160459.GB5327@external.screwed.box>
References: <07CAE521148F4E7392202CD6B031F504@jarasc430> <4DC139F7.9080109@infracaninophile.co.uk>

Wake me up when September ends, freebsd-questions!

2011/05/04 16:47:33 +0100 Chris Rees => To krad :
CR> > > > > Is it possible to limit the SSH access?
CR> > > Regarding ssh login, I usually use "rbash" from the ports, that
CR> restricts
CR> Or you could have a special /bin-restricted that you nullfs mount into
CR> ~userN/bin.

I personally should like to have a quick recipe on how to create such a limited set of binaries (libraries, mans, etc., each mounted with nullfs read-only to every such user's home) from the 'world' build.
Some options like rsync I consider to be a must in some cases, so this should include the ports availability, shouldn't it?

73! Peter
pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627)
--
http://vereshagin.org