From owner-freebsd-security Thu Aug 15 7: 1: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8E7A37B400 for ; Thu, 15 Aug 2002 07:01:06 -0700 (PDT) Received: from argus.volker.de (pD9504DB0.dip.t-dialin.net [217.80.77.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4A4A343E6A for ; Thu, 15 Aug 2002 07:01:05 -0700 (PDT) (envelope-from freebsd@secspace.de) Received: from argus.volker.de (localhost [127.0.0.1]) by argus.volker.de (8.12.5/8.12.5) with SMTP id g7FE12db082116 for ; Thu, 15 Aug 2002 16:01:03 +0200 (CEST) (envelope-from freebsd@secspace.de) Date: Thu, 15 Aug 2002 16:01:02 +0200 From: Volker Kindermann To: security@freebsd.org Subject: Re: Chroot environment for ssh Message-Id: <20020815160102.11f7c27b.freebsd@secspace.de> In-Reply-To: <20020815134341.GO1144@juno.paeps.cx> References: <20020815134341.GO1144@juno.paeps.cx> X-Mailer: Sylpheed version 0.8.1claws (GTK+ 1.2.10; i386-portbld-freebsd4.6) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Philip, > I'm in the process of setting up a form of fileserver, and I'd like > for my users to be able to work only in their home directories, not > anywhere else. I would like to use SSH for the connections, as > opposed to FTP, but I don't want users to be able to log into an > interactive shell (only SCP/SFTP) and I don't want them to 'escape' > out of their home directories. take a look at http://www.sublimation.org/scponly scponly has a chroot-Mode but the setup is a little tricky. -volker -- Please don't cc me: I read the lists and don't need your message twice :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message