Date: Thu, 15 Aug 2002 20:02:11 +0200
From: Philip Paeps <philip@paeps.cx>
To: security@freebsd.org
Subject: Re: Chroot environment for ssh
Message-ID: <20020815180211.GC91830@juno.paeps.cx>
In-Reply-To: <20020815173540.GB91830@juno.paeps.cx>
References: <20020815134341.GO1144@juno.paeps.cx> <20020815160102.11f7c27b.freebsd@secspace.de> <20020815173540.GB91830@juno.paeps.cx>

On 2002-08-15 19:36:10, Philip Paeps <philip@paeps.cx> wrote:
> On 2002-08-15 17:15:01, Volker Kindermann <freebsd@secspace.de> wrote:
> > > I'm in the process of setting up a form of fileserver, and I'd like for
> > > my users to be able to work only in their home directories, not anywhere
> > > else. I would like to use SSH for the connections, as opposed to FTP,
> > > but I don't want users to be able to log into an interactive shell (only
> > > SCP/SFTP) and I don't want them to 'escape' out of their home
> > > directories.
> >
> > take a look at http://www.sublimation.org/scponly
>
> The name of it sounds just like what I want! I'll give this a go, thanks!

Okay, I've set it up, and my users are happily scp-only. That's most of the
problem solved.

> > scponly has a chroot-Mode but the setup is a little tricky.
>
> As long as it's not too burdensome to create new chrooted users, I'm
> perfectly happy with it :-)

This bit is still causing me a minor headache. The chroot script needs a bit
of hacking before it a) works properly on FreeBSD, b) works good enough to be
called from adduser or similar.

When I'm done with that fix I think I might as well submit it as a port. I
think it would do well in the ports collection!

 - Philip

-- 
Philip Paeps
philip@paeps.cx
http://www.paeps.cx/
+32 486 114 720