From owner-freebsd-questions@FreeBSD.ORG Tue May 30 09:28:20 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2C7716A661 for ; Tue, 30 May 2006 09:28:19 +0000 (UTC) (envelope-from mikhailg@webanoide.org) Received: from cayster.site5.com (cayster.multisite.site5.com [216.118.97.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CA8843D58 for ; Tue, 30 May 2006 09:28:12 +0000 (GMT) (envelope-from mikhailg@webanoide.org) Received: from ppp110-20.lns1.hba1.internode.on.net ([150.101.110.20] helo=[192.168.0.4]) by cayster.site5.com with esmtpa (Exim 4.52) id 1Fl0WF-0005pG-8q; Tue, 30 May 2006 05:28:07 -0400 Message-ID: <447C1021.1070209@webanoide.org> Date: Tue, 30 May 2006 19:28:01 +1000 From: Mikhail Goriachev Organization: Webanoide User-Agent: Thunderbird 1.5.0.2 (Macintosh/20060308) MIME-Version: 1.0 To: Marwan Sultan References: In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Antivirus-Scanner: This message has been scanned by ClamAV. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cayster.site5.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - webanoide.org X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd@amadeus.demon.nl, questions@freebsd.org, dimitar.vassilev@gmail.com, gil@asol.com.ph Subject: Re: User Access restriction. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 May 2006 09:28:22 -0000 Marwan Sultan wrote: > Hello, > > Yes, I understand that To lockup a user from navigating outside their > home directories through > ftp, I simply can add them to /etc/ftpchroot and when a user connects > It wont allow him > to go any level higher than his Home Directory. > No need for proftpd as additional port, because the base system will do > it throu /etc/ftpchroot > > BUT!! > The user can connect through SSH and navigate, > Here where my information stops, > 2 questions, > 1) How do I have a list from few users to disallow them using SSH? > is there any where i add a user to disallow him from using SSH? man sshd_config and see AllowUsers/DenyUsers sections. > > 2) If I want to lock the user through his SSH session not FTP session > whats the way? > Is jail the only way? no easier way? chroot can do it? how if yes? or > whats the alternatives? > > Thank you guys for following up with me. > > Marwan Cheers, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: mikhailg@webanoide.org Web: http://www.webanoide.org PGP Key ID: 0x4E148A3B PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B