From owner-freebsd-questions@FreeBSD.ORG Wed Apr 11 13:48:39 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 90E8516A404 for ; Wed, 11 Apr 2007 13:48:39 +0000 (UTC) (envelope-from david.robillard@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by mx1.freebsd.org (Postfix) with ESMTP id 56BC813C465 for ; Wed, 11 Apr 2007 13:48:39 +0000 (UTC) (envelope-from david.robillard@gmail.com) Received: by py-out-1112.google.com with SMTP id f31so152904pyh for ; Wed, 11 Apr 2007 06:48:38 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=TqW/ld+fePuYXUdz0hYZVTK4F/4jDfKz4uk9563tjwyZ8YaIl0g6PFd71lmGJ36KfK0AnxUpeVBY//ckqKBtBsnYvlqmuP+xAHgu5ZNWhAtk3f5BMXbDsjP6AkVP1Cx8AWLgmj2Vt9cAouC6iJ/p+Ml0MvASkkhrFyexgwliDS4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=RnfWGSxcIUqp3P5Xerz/+k+9mbvtHu3tpYENVXMwwD1Tdkj3YOlHqd1NUgRjTPARNxDV3c3B5H/SXfOv5+eSCDvqY+NbE5/jd+515sX2G4dehcj4zJkGrgbufZTA43P/wOFq/a1RCs1Sl4CJ2BuDlU4Zhvr3L6h4btKHGgCGuMI= Received: by 10.35.51.19 with SMTP id d19mr1171626pyk.1176299318753; Wed, 11 Apr 2007 06:48:38 -0700 (PDT) Received: by 10.35.94.14 with HTTP; Wed, 11 Apr 2007 06:48:38 -0700 (PDT) Message-ID: <226ae0c60704110648t162b5991pd98728f68b2a6082@mail.gmail.com> Date: Wed, 11 Apr 2007 09:48:38 -0400 From: "David Robillard" To: "FreeBSD Questions" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: L33T Networks Subject: Re: Locking SSH Users to $HOME X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Apr 2007 13:48:39 -0000 > Using the SSHD server, how can I lock users SSH'ing into a box into their > home directory, without having access to the /usr/home directory as a > whole? You can try to use the security/ssh2 port to replace the base system's sshd(8). This version of ssh supports additional chroot configuration options which lets you do exactly what you're looking for. Here's a link to the port: http://www.freebsd.org/cgi/url.cgi?ports/security/ssh2/pkg-descr Here's an article which shows you how to do what your looking for: http://freebsdrocks.net/index.php?option=com_content&task=view&id=51&Itemid=1 Have fun, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122