Date: Sun, 5 Oct 2008 18:12:41 +0200
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Cc: kalin m <kalin@el.net>
Subject: Re: ssh jail
Message-ID: <200810051812.41722.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <48E5070D.8050400@el.net>
References: <48E5070D.8050400@el.net>

On Thursday 02 October 2008 19:38:21 kalin m wrote:
> hi all...
>
> i have openssh 5. i want to jail the users to their home directories so
> they can go down but not up.
>
> i didn't see a directive that does that in the man or in the sshd_config.

On RELENG_7 (aka -stable, aka 7.1-PRERELEASE), isn't this what you're looking
for?

     ChrootDirectory
             Specifies a path to chroot(2) to after authentication.  This
             path, and all its components, must be root-owned directories
             that are not writable by any other user or group.

             The path may contain the following tokens that are expanded at
             runtime once the connecting user has been authenticated: %% is
             replaced by a literal '%', %h is replaced by the home directory
             of the user being authenticated, and %u is replaced by the
             username of that user.

             The ChrootDirectory must contain the necessary files and
             directories to support the users' session.  For an interactive
             session this requires at least a shell, typically sh(1), and
             basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
             stderr(4), arandom(4) and tty(4) devices.  For file transfer
             sessions using ``sftp'', no additional configuration of the
             environment is necessary if the in-process sftp server is used
             (see Subsystem for details).

             The default is not to chroot(2).

$ ssh -V
OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007

--
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.

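The quoted ChrootDirectory text requires the path and all its components to be root-owned directories that are not writable by group or other, which matters for a %h chroot because home directories are normally owned by their user. The following is an added example, not part of the message above or of OpenSSH: a POSIX sh check that walks a candidate path from / down and flags every component that breaks that rule. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit a candidate ChrootDirectory against the ownership
# rule in the quoted sshd_config(5) text. Function names are hypothetical.

# component_ok MODESTRING UID -> 0 if a root-owned directory with no
# group/other write bit (columns 1 and 3 of `ls -ldn` output).
component_ok() {
    case $1 in d*) ;; *) return 1 ;; esac          # must be a directory
    [ "$2" = 0 ] || return 1                       # must be owned by uid 0
    gw=$(printf '%s' "$1" | cut -c6)               # group write column
    ow=$(printf '%s' "$1" | cut -c9)               # other write column
    [ "$gw" != w ] && [ "$ow" != w ]
}

# check_chroot_path /abs/path -> 0 if every component from / down passes,
# 1 if any fails or is missing, 2 if the path is not absolute.
check_chroot_path() {
    case $1 in /*) ;; *) echo "not an absolute path: $1" >&2; return 2 ;; esac
    rest=${1#/}; cur=/; rc=0
    while :; do
        # -n prints the numeric uid, -L evaluates the target of a symlink
        line=$(ls -ldnL "$cur" 2>/dev/null) || { echo "MISSING $cur"; return 1; }
        read -r perms _links uid _tail <<EOF
$line
EOF
        if component_ok "$perms" "$uid"; then
            echo "ok      $perms uid=$uid $cur"
        else
            echo "BAD     $perms uid=$uid $cur"; rc=1
        fi
        # advance to the next non-empty component, or stop at the end
        while [ -n "$rest" ] && [ -z "${rest%%/*}" ]; do rest=${rest#/}; done
        if [ -z "$rest" ]; then break; fi
        cur=${cur%/}/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/alice
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

Every component is reported, so a single run shows all the directories that need their owner or mode changed before sshd is pointed at the path.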
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810051812.41722.fbsd.questions>