Date:      Mon, 28 Dec 2009 15:49:53 +0000
From:      krad <kraduk@googlemail.com>
To:        Tijl Coosemans <tijl@coosemans.org>
Cc:        freebsd-questions@freebsd.org, Marwan Sultan <dead_line@hotmail.com>
Subject:   Re: chroot SSH users.
Message-ID:  <d36406630912280749v5b88522aved3d4f0c103ba2e4@mail.gmail.com>
In-Reply-To: <200912281028.47462.tijl@coosemans.org>
References:  <SNT103-W1707BDD17EFB509D1EB7629A7C0@phx.gbl> <d36406630912270916t765e7dbyec98c5a674263df7@mail.gmail.com> <200912281028.47462.tijl@coosemans.org>

2009/12/28 Tijl Coosemans <tijl@coosemans.org>

> On Sunday 27 December 2009 18:16:47 krad wrote:
> > fairly easy if you read the man page 8) I wrote this howto for sun
> > boxes at work but it was using openssh so same rules should apply.
> > Make sure chroot support was compiled in though
> >
> >    1. Don't bother with sun ssh it won't work. Opensolaris and later solaris
> >    10 are bundled with openssh though.
> >    2. Make sure openssh version is 5 or above (some 4s do work but 5 better)
> >    3. Add these lines to sshd config
> >
> >    Match Group sftponly
> >             ChrootDirectory /home/chroot/%u
> >             X11Forwarding no
> >             AllowTcpForwarding no
> >             ForceCommand internal-sftp
> >
> >     4. Make sure the Subsystem line is this
> >
> >    Subsystem       sftp    internal-sftp
> >
> >     5. create the sftponly group on the system
> >    6. put the relevant users in this group. be careful as you will stop them
> >    being able to ssh in!!
> >    7. Dead important this bit !!!
> >
> >    mkdir -p /home/chroot/<user>/home/<user>/.ssh
> >    chown -R root /home/chroot/<user>
> >    chown -R <user> /home/chroot/<user>
>
> Shouldn't this line be:
>   chown -R <user> /home/chroot/<user>/home/<user>
>

Strictly yes, I probably missed a step where I symlinked it, as I was copying
stuff from the shell history.


>
> >    chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
> >    ln -s /home/chroot/<user>/home/<user> /home/.
> >
> >     8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
> >
> >  All should now work
>
>



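A check for the ownership layout discussed in this thread, as an added example that is not part of either poster's message: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, so only the inner home/<user> may belong to the user. The function name and its optional UID and TOP arguments are assumptions made here so the check can be exercised without root.

```shell
#!/bin/sh
# Added example, not from the original thread.
#
# check_chroot_path DIR [UID] [TOP]
#   Walk from DIR up to TOP (default /) and verify that every component is
#   a directory owned by UID (default 0, root) with no group or other write
#   bit, which is what sshd demands of ChrootDirectory.
#   Prints the first offending component and returns 1; returns 0 if all pass.
#   UID and TOP are hypothetical knobs for trying this out on a scratch tree.
check_chroot_path() {
    dir=$1
    want_uid=${2:-0}
    top=${3:-/}
    while :; do
        if [ ! -d "$dir" ]; then
            echo "not a directory: $dir"
            return 1
        fi
        # "ls -ldn" prints: mode links uid gid ...; keep mode and numeric uid.
        info=$(ls -ldn "$dir" | awk '{print $1, $3}')
        mode=${info% *}
        uid=${info#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "wrong owner (uid $uid): $dir"
            return 1
        fi
        # Character 6 of the mode string is group write, character 9 other write.
        case $mode in
            ?????w*|????????w*)
                echo "group/other writable: $dir"
                return 1
                ;;
        esac
        # Stop once TOP (or the filesystem root) has been checked.
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return 0
}

# Stand-alone use, e.g.:  sh check_chroot.sh /home/chroot/<user>
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against /home/chroot/<user> after step 7; a "wrong owner" result on that directory means the recursive chown to <user> was applied to the chroot itself rather than to home/<user> inside it.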