From: wizlayer
Reply-To: wizlayer@gmail.com
To: freebsd-questions@freebsd.org
Date: Wed, 30 Mar 2005 16:28:55 -0500
Subject: Re: ssh - restricted shell
Message-Id: <200503301628.56047.wizlayer@gmail.com>
In-Reply-To: <424B13EF.6050400@att.net>
References: <424B13EF.6050400@att.net>

On Wednesday 30 March 2005 04:02 pm, Duane Winner wrote:
> Hello,
>
> Does anybody know the best technique to accomplish this:
>
> We have a server that we use for mostly internal development,
> and run an SSH server.
>
> We have an outsider who we want to allow to ssh into this
> server and do some work.
>
> However, because he is an outsider, we don't want him roaming
> around our server, moving, looking, doing, or anything outside
> of his own home directory.
>
> How can I restrict him to his own home directory?
>
> I thought I ran into instructions once for doing this, but I
> can't find anything right now.
>
> Or was I thinking of scponly?
>
> That might do it, except we do need to set him up to run
> some scripts within his home directory after he uploads stuff
> via scp.
>
> Thanks,
> DW
>

DW,

I thought this was accomplished when initially setting up a user's account? I'm under the impression that when a user clients sshd, s/he still can't go beyond the boundaries of his/her existing account on the server.

Of course:

if $impression = "delusion" then
    someone _please_ correct me!
fi

:O

WizLayer