Date: Mon, 20 Dec 2004 22:27:10 +0100 From: martin hudec <corwin@aeternal.net> To: freebsd-security@freebsd.org Subject: Re: chroot-ing users coming in via SSH and/or SFTP? Message-ID: <20041220212710.GA678@pleiades.aeternal.net> In-Reply-To: <6.2.0.14.2.20041220142255.06260ca0@localhost> References: <6.2.0.14.2.20041220142255.06260ca0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
--FCuugMFkClbJLl1L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, On Mon, Dec 20, 2004 at 02:23:02PM -0700 or thereabouts, Brett Glass wrote: > The users depositing files on the server shouldn't be allowed to see what > one another are doing or to grope around on the system, so it'd be a good > idea to chroot them into home directories, as is commonly done with FTP. >=20 > However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to ha= ve a > mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into = a=20 > specific directory. What is the most effective and elegant way to do this= ? I've=20 > seen some crude patches that allow you to put a /. in the home directory = specified > in /etc/passwd, but these are specific to versions of the "portable" Open= SSH > and none of the diffs seem to match FreeBSD's files exactly.=20 go for /usr/ports/shells/scponly, it also has ability to use chroot. Cheers, Martin --=20 martin hudec * 421 907 303 393 * corwin@aeternal.net * http://www.aeternal.net "Nothing travels faster than the speed of light with the possible=20 exception of bad news, which obeys its own special laws." Douglas Adams, "The Hitchhiker's Guide to the Galaxy" --FCuugMFkClbJLl1L Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBx0OuZYEZIv+rgggRAuaTAJ0eAh9wMsjGyt6alDraKN33mT41HwCeNSXH 3fKPFHtUUX6dEHi2pOQa2fw= =s0oL -----END PGP SIGNATURE----- --FCuugMFkClbJLl1L--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041220212710.GA678>