Date: Wed, 4 May 2011 16:47:33 +0100
From: Chris Rees <utisoft@gmail.com>
To: krad <kraduk@gmail.com>
Cc: Balázs Mátéffy <repcsike@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Limitting SSH access
Message-ID: <BANLkTinTG6koR3H-=6D%2BZxkh6cbYNPgcHw@mail.gmail.com>
In-Reply-To: <BANLkTinSmbwOzya3we70Dn-RHb4Xg5sBwA@mail.gmail.com>
References: <07CAE521148F4E7392202CD6B031F504@jarasc430> <4DC139F7.9080109@infracaninophile.co.uk> <BANLkTinnErTDZYwsV8OgzRfbMTXoHzQeMw@mail.gmail.com> <BANLkTinSmbwOzya3we70Dn-RHb4Xg5sBwA@mail.gmail.com>

On 4 May 2011 16:27, "krad" <kraduk@gmail.com> wrote:
>
> On 4 May 2011 12:47, Balázs Mátéffy <repcsike@gmail.com> wrote:
>
> > On 4 May 2011 13:35, Matthew Seaman <m.seaman@infracaninophile.co.uk>
> > wrote:
> >
> > > On 04/05/2011 10:08, Jack Raats wrote:
> > > > I have a question concerning SSH on a FreeBSD 7.4-STABLE server.
> > > >
> > > > Is it possible to limit the SSH access?
> > > > I want to restrict a user to his own home directory.
> > > > So that if he connects to the server with SSH he only can go to his own
> > > > home dir.
> > > > Also the same for sftp...
> > > >
> > >
> > > I believe you will need to install a version of OpenSSH from ports to
> > > get that functionality. It's the CHROOT config option in
> > > security/openssh-portable
> > >
> > > Cheers
> > >
> > > Matthew
> > >
> > > --
> > > Dr Matthew J Seaman MA, D.Phil.                 7 Priory Courtyard
> > >                                                 Flat 3
> > > PGP: http://www.infracaninophile.co.uk/pgpkey   Ramsgate
> > > JID: matthew@infracaninophile.co.uk             Kent, CT11 9PW
> > >
> >
> > Hello,
> >
> > It should work with the base openssh on 7.4. Check your version with sshd
> > -v.
> > Here, search for chroot (or use google :)):
> > http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
> >
> > Regarding ssh login, I usually use "rbash" from the ports, that restricts
> > the user from leaving his or her home directory!
> >
> > Regards,
> >
> > Balazs Mateffy.
>
> if you want them to be able to get a shell rather than sftp prompt then you
> will have to go for the rbash option. If you chroot the shell to their home
> dir they won't have access to any system binaries so won't be able to 'ls' for
> example.
>
> Having said that you could build a tree of all the binaries they need along
> with all the dependent libraries. This would get a bit cumbersome and
> wasteful of disk space for lots of users though. You might be better off
> with jails.
>

Or you could have a special /bin-restricted that you nullfs mount into
~userN/bin.

Chris
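
Added example, not part of the original thread: sshd_config(5) states that every component of a ChrootDirectory path must be a root-owned directory that is not writable by group or others, so a user-owned home directory cannot itself be the chroot. The script below audits a candidate path against that rule; the function names are this example's own.

```sh
#!/bin/sh
# Audit a candidate sshd ChrootDirectory (added example, not from the thread).
# Rule checked, from sshd_config(5): every path component must be a directory
# owned by root (uid 0) and not writable by group or others.

# Judge one line of `ls -ldn` output. Returns 0 if acceptable, 1 otherwise.
chroot_component_ok() {
    read -r mode _links uid _rest <<EOF
$1
EOF
    case $mode in
        d*) ;;                            # must be a directory
        *)  return 1 ;;
    esac
    [ "$uid" = 0 ] || return 1            # must be owned by root
    # Mode string is d rwx rwx rwx: char 6 = group write, char 9 = other write.
    case $mode in
        d????w*|d???????w*) return 1 ;;
    esac
    return 0
}

# Walk from / down to the target. Prints the first offending component and
# returns 1, returns 0 if the whole path is acceptable, 2 on bad usage.
check_chroot_path() {
    case $1 in
        /*) ;;
        *)  echo "absolute path required" >&2; return 2 ;;
    esac
    old_ifs=$IFS; IFS=/; set -f
    set -- $1                             # split the path on "/"
    set +f; IFS=$old_ifs
    # -L follows symlinks (e.g. a symlinked /home), -n prints numeric uids.
    chroot_component_ok "$(ls -ldLn / 2>/dev/null)" || { echo "/"; return 1; }
    path=
    for part in "$@"; do
        [ -n "$part" ] || continue
        path=$path/$part
        chroot_component_ok "$(ls -ldLn "$path" 2>/dev/null)" ||
            { echo "$path"; return 1; }
    done
    return 0
}

# Stand-alone use: sh check_chroot.sh /path/to/chroot
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

A missing component is reported the same way as a badly owned one, since `ls` prints nothing for it.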