From owner-freebsd-questions  Tue Jul 16 16:51:30 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7874537B401
	for <freebsd-questions@freebsd.org>; Tue, 16 Jul 2002 16:51:28 -0700 (PDT)
Received: from catflap.home.slightlystrange.org (host217-39-95-108.in-addr.btopenworld.com [217.39.95.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D57AC43E6D
	for <freebsd-questions@freebsd.org>; Tue, 16 Jul 2002 16:51:27 -0700 (PDT)
	(envelope-from dan@slightlystrange.org)
Received: from danielby by catflap.home.slightlystrange.org with local (Exim 3.36 #1)
	id 17Uc6H-0005xu-00
	for freebsd-questions@freebsd.org; Wed, 17 Jul 2002 00:51:25 +0100
Date: Wed, 17 Jul 2002 00:51:25 +0100
From: Daniel Bye <dan@slightlystrange.org>
To: freebsd-questions@freebsd.org
Subject: Re: SSH
Message-ID: <20020716235125.GA22090@catflap.home.slightlystrange.org>
Reply-To: dan@slightlystrange.org
Mail-Followup-To: freebsd-questions@freebsd.org
References: <20020716233948.1762.qmail@linuxmail.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020716233948.1762.qmail@linuxmail.org>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Jul 17, 2002 at 07:39:48AM +0800, Rafter Man wrote:
> Hi again :-)
> 
> How do you chroot people logging in via ssh? or sftp?

The easiest solution I've found for this is to give your restricted
users rbash as a login shell.  (This applies to interactive ssh
connections, I don't know about sftp - I don't use it).

rbash probably won't exist on your system yet.  If bash is installed
(it's in ports, naturally ;-), make a link called rbash to the bash
executable:

# ln /usr/local/bin/bash /usr/local/bin/rbash

Add /usr/local/bin/rbash to your /etc/shells, and make it the default
shell for your restricted users.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message