Date: Thu, 13 Jan 2005 17:54:47 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: vvi tech <tech@vvi.at>
Cc: freebsd-security@freebsd.org
Subject: Re: Equilivant for a sshchroot file?
Message-ID: <20050114015447.GA4695@odin.ac.hmc.edu>
In-Reply-To: <BE0C63D3.26501%tech@vvi.at>
References: <BE0C63D3.26501%tech@vvi.at>

On Thu, Jan 13, 2005 at 05:43:47PM -0800, vvi tech wrote:
> Hey guys I really have made use of the ftpchroot file in /etc but I wonder
> why is there no equivalent of that for ssh and telnet accounts? Basically
> simply limiting traversing the file system to specific shell users root.

It's a vastly different problem. With ftp, all you need to do is keep the
daemon and possibly a few external programs working. With ssh or telnet,
there's little point unless you can keep a set of applications working.
There are chroot patches for ssh available. Alternatively, you can use
jail(8) to separate processes from each other.

One (Debian-specific) writeup on chrooted ssh:

http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
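
Added example, not part of the original message: a sketch of what "keeping a set of applications working" inside a chroot involves, namely working out every shared library the chosen programs load. The function names, the `LDD` override and the sample `ldd` output are constructed for illustration; `/libexec/ld-elf.so.1` is the FreeBSD runtime linker, which `ldd` does not list.

```sh
#!/bin/sh
# Constructed sample of FreeBSD-style `ldd` output (not captured from a real host).
sample_ldd() {
cat <<'EOF'
/bin/sh:
	libedit.so.7 => /lib/libedit.so.7 (0x800251000)
	libc.so.7 => /lib/libc.so.7 (0x800400000)
/bin/ls:
	libutil.so.9 => /lib/libutil.so.9 (0x800252000)
	libc.so.7 => /lib/libc.so.7 (0x800400000)
	libmissing.so.1 => not found (0)
EOF
}

# Read ldd output on stdin and print each resolved library path once, sorted.
# An unresolved library is reported on stderr and makes the function fail,
# because that program would not start inside the chroot.
chroot_libs() {
    rc=0
    out=$(awk '
        BEGIN { bad = 0 }
        $2 == "=>" && $3 == "not" { printf "unresolved: %s\n", $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { seen[$3] = 1 }
        END { for (p in seen) print p; exit bad }
    ') || rc=$?
    if [ -n "$out" ]; then printf '%s\n' "$out" | sort -u; fi
    return "$rc"
}

# Print the copy list for the programs given as arguments: the programs,
# the runtime linker, then their libraries. LDD can name a stand-in for ldd.
chroot_manifest() {
    libs=$("${LDD:-ldd}" "$@" | chroot_libs) || return 1
    printf '%s\n' "$@" /libexec/ld-elf.so.1
    if [ -n "$libs" ]; then printf '%s\n' "$libs"; fi
}

# Demonstration on the constructed sample: the missing library is flagged.
sample_ldd | chroot_libs || echo "resolve missing libraries before building the chroot" >&2
```

The list covers only shared libraries; device nodes, configuration files and account data the programs read still have to be provided in the chroot separately.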