Date:      Wed, 4 May 2011 16:27:07 +0100
From:      krad <kraduk@gmail.com>
To:        Balázs Mátéffy <repcsike@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Limitting SSH access
Message-ID:  <BANLkTinSmbwOzya3we70Dn-RHb4Xg5sBwA@mail.gmail.com>
In-Reply-To: <BANLkTinnErTDZYwsV8OgzRfbMTXoHzQeMw@mail.gmail.com>
References:  <07CAE521148F4E7392202CD6B031F504@jarasc430> <4DC139F7.9080109@infracaninophile.co.uk> <BANLkTinnErTDZYwsV8OgzRfbMTXoHzQeMw@mail.gmail.com>

On 4 May 2011 12:47, Balázs Mátéffy <repcsike@gmail.com> wrote:

> On 4 May 2011 13:35, Matthew Seaman <m.seaman@infracaninophile.co.uk>
> wrote:
>
> > On 04/05/2011 10:08, Jack Raats wrote:
> > > I have a question concerning SSH on a FreeBSD 7.4-STABLE server.
> > >
> > > Is it possible to limit the SSH access?
> > > I want to restrict a user to his own home directory.
> > > So that if he connects to the server with SSH he only can go to his own
> > > home dir.
> > > Also the same for sftp...
> > >
> >
> > I believe you will need to install a version of OpenSSH from ports to
> > get that functionality.  It's the CHROOT config option in
> > security/openssh-portable
> >
> >        Cheers
> >
> >        Matthew
> >
> > --
> > Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
> >                                                  Flat 3
> > PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> > JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
> >
> >
> Hello,
>
> It should work with the base openssh on 7.4. Check your version with sshd
> -v.
> Here, search for chroot (or use Google :)):
> http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
>
> Regarding ssh login, I usually use "rbash" from the ports, that restricts
> the user from leaving his or her home directory!
>
> Regards,
>
> Balazs Mateffy.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>

If you want them to be able to get a shell rather than an sftp prompt then you
will have to go for the rbash option. If you chroot the shell to their home
dir they won't have access to any system binaries so won't be able to 'ls' for
example.

Having said that you could build a tree of all the binaries they need along
with all the dependent libraries. This would get a bit cumbersome and
wasteful of disk space for lots of users though. You might be better off
with jails.
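
The tree-building approach mentioned above, sketched as an added example that is not part of the original message: it copies each binary plus the shared libraries `ldd` reports into a chroot directory and measures the result. The function names and the choice of `ldd` and `du` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): populate a chroot tree with
# binaries and the shared libraries they are linked against.

# list_deps BINARY: print the absolute paths of the shared objects ldd reports.
list_deps() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\//       { print $3 }  # libc.so.7 => /lib/libc.so.7 (0x...)
        $1 ~ /^\// && $1 !~ /:$/       { print $1 }  # loader listed by path; skip "/bin/ls:" header
    ' | sort -u
}

# copy_into ROOT FILE: copy FILE to the same path underneath ROOT.
copy_into() {
    mkdir -p "$1$(dirname "$2")" && cp "$2" "$1$2"
}

# populate_chroot ROOT BINARY...: copy each binary and its libraries into ROOT.
populate_chroot() {
    root=$1; shift
    for bin in "$@"; do
        copy_into "$root" "$bin" || return 1
        for lib in $(list_deps "$bin"); do
            [ -e "$root$lib" ] || copy_into "$root" "$lib" || return 1
        done
    done
    # On FreeBSD the run-time linker lives here; copy it too if it exists
    # and ldd did not already list it.
    rtld=/libexec/ld-elf.so.1
    [ ! -e "$rtld" ] || [ -e "$root$rtld" ] || copy_into "$root" "$rtld"
}

# chroot_kb ROOT: disk space used by the tree, in kilobytes.
chroot_kb() {
    du -sk "$1" | awk '{ print $1 }'
}

# Usage (the chroot path is a constructed sample):
#   populate_chroot /home/jail/alice /bin/sh /bin/ls && chroot_kb /home/jail/alice
```

Multiplying the `chroot_kb` figure by the number of users shows the disk cost the message refers to. When the tree is used with sshd's `ChrootDirectory`, every component of its path must be root-owned and not writable by any other user or group.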


