Date: Tue, 11 Mar 2008 19:47:11 -0400
From: Jerry McAllister
To: "Philip M. Gollucci"
Cc: Jerry McAllister, "Philip M. Gollucci", FreeBSD Questions
Subject: Re: security/openssh-portable

On Tue, Mar 11, 2008 at 06:26:51PM -0400, Philip M. Gollucci wrote:

> >>user:*:3000:3000::0:0:F L:/foo/./user:/bin/sh
> >The usual thing is make the shell /bin/nologin
> Hi Jerry, Thanks -- but
> Changed to /usr/sbin/nologin
>
> So that's not in the 'chroot' aka /foo/user/usr/sbin/nologin

Well, you can make your own nologin. Just copy the other one
and make it only executable - not writable.

////jerry

> $ sftp -v -v -v user@devX.domain.tld
> OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.8e 23 Feb 2007
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_4.7p1-hpn12v20 FreeBSD-openssh-portable-overwrite-base-4.7.p1_1,1
> debug1: match: OpenSSH_4.7p1-hpn12v20
> FreeBSD-openssh-portable-overwrite-base-4.7.p1_1,1 pat OpenSSH*
>
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> Request for subsystem 'sftp' failed on channel 0