Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Dec 2004 22:27:10 +0100
From:      martin hudec <corwin@aeternal.net>
To:        freebsd-security@freebsd.org
Subject:   Re: chroot-ing users coming in via SSH and/or SFTP?
Message-ID:  <20041220212710.GA678@pleiades.aeternal.net>
In-Reply-To: <6.2.0.14.2.20041220142255.06260ca0@localhost>
References:  <6.2.0.14.2.20041220142255.06260ca0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 

--FCuugMFkClbJLl1L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

On Mon, Dec 20, 2004 at 02:23:02PM -0700 or thereabouts, Brett Glass wrote:
> The users depositing files on the server shouldn't be allowed to see what
> one another are doing or to grope around on the system, so it'd be a good
> idea to chroot them into home directories, as is commonly done with FTP.
>=20
> However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to ha=
ve a
> mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into =
a=20
> specific directory. What is the most effective and elegant way to do this=
? I've=20
> seen some crude patches that allow you to put a /. in the home directory =
specified
> in /etc/passwd, but these are specific to versions of the "portable" Open=
SSH
> and none of the diffs seem to match FreeBSD's files exactly.=20

     go for /usr/ports/shells/scponly, it also has ability to use
     chroot.


     	Cheers,

	Martin

--=20
martin hudec


   * 421 907 303 393
   * corwin@aeternal.net
   * http://www.aeternal.net

"Nothing travels faster than the speed of light with the possible=20
exception of bad news, which obeys its own special laws."

   Douglas Adams, "The Hitchhiker's Guide to the Galaxy"

--FCuugMFkClbJLl1L
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBx0OuZYEZIv+rgggRAuaTAJ0eAh9wMsjGyt6alDraKN33mT41HwCeNSXH
3fKPFHtUUX6dEHi2pOQa2fw=
=s0oL
-----END PGP SIGNATURE-----

--FCuugMFkClbJLl1L--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041220212710.GA678>