Date:      Wed, 17 Jul 2002 01:24:09 +0100
From:      Daniel Bye <dan@slightlystrange.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: SSH
Message-ID:  <20020717002409.GA23069@catflap.home.slightlystrange.org>
In-Reply-To: <20020716235125.GA22090@catflap.home.slightlystrange.org>
References:  <20020716233948.1762.qmail@linuxmail.org> <20020716235125.GA22090@catflap.home.slightlystrange.org>

On Wed, Jul 17, 2002 at 12:51:25AM +0100, Daniel Bye wrote:
> On Wed, Jul 17, 2002 at 07:39:48AM +0800, Rafter Man wrote:
> > Hi again :-)
> > 
> > How do you chroot people logging in via ssh? or sftp?
> 
> The easiest solution I've found for this is to give your restricted
> users rbash as a login shell.  (This applies to interactive ssh
> connections, I don't know about sftp - I don't use it).
> 
> rbash probably won't exist on your system yet.  If bash is installed
> (it's in ports, naturally ;-), make a link called rbash to the bash
> executable:
> 
> # ln /usr/local/bin/bash /usr/local/bin/rbash
> 
> Add /usr/local/bin/rbash to your /etc/shells, and make it the default
> shell for your restricted users.

Oops...  I should probably also point out that rbash doesn't actually
call chroot.  It does, however, impose severe restrictions on what your
users can do.  Check out the section "RESTRICTED SHELL" in man bash for
more details.

I guess if it is essential your users are chroot'ed, this isn't for
you, but, as they say, your mileage may vary...

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
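
Added example, not part of the message above or of any FreeBSD tool: a small check that the setup described in the thread is really in place, meaning `/usr/local/bin/rbash` is listed in the shells file and each account meant to be restricted has it as its login shell. The function names, the sample accounts `alice` and `bob`, and the temporary files standing in for `/etc/passwd` and `/etc/shells` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): verify that accounts meant to
# be restricted really have rbash as their login shell.
RBASH=/usr/local/bin/rbash   # path taken from the message

# login_shell PASSWD_FILE USER: print USER's shell field; exit 1 if no entry
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $NF; found = 1; exit }
                       END { exit !found }' "$1"
}

# shell_listed SHELLS_FILE SHELL: exit 0 if SHELL is on a line of its own
shell_listed() {
    grep -Fxq -- "$2" "$1"
}

# audit_rbash PASSWD_FILE SHELLS_FILE USER...: print one line per problem;
# exit status is 0 only when nothing needs fixing
audit_rbash() {
    passwd_file=$1 shells_file=$2 rc=0
    shift 2
    if ! shell_listed "$shells_file" "$RBASH"; then
        echo "$RBASH is not listed in $shells_file"; rc=1
    fi
    for user in "$@"; do
        if ! sh=$(login_shell "$passwd_file" "$user"); then
            echo "$user: no such account"; rc=1
        elif [ "$sh" != "$RBASH" ]; then
            echo "$user: login shell is ${sh:-(empty)}, not $RBASH"; rc=1
        fi
    done
    return $rc
}

# Constructed sample data standing in for /etc/passwd and /etc/shells
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/usr/local/bin/rbash
bob:*:1002:1002:Bob:/home/bob:/usr/local/bin/bash
EOF
printf '%s\n' /bin/sh /bin/csh /usr/local/bin/rbash > "$tmp/shells"

audit_rbash "$tmp/passwd" "$tmp/shells" alice bob || echo "audit found problems"
```

On a live system the same function can be pointed at `/etc/passwd` and `/etc/shells`; it only confirms the shell assignment and says nothing about chroot, which rbash does not provide.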
