Date: Wed, 30 Mar 2005 16:51:15 -0500 From: daniel <danstemporaryaccount@yahoo.ca> To: freebsd-questions@freebsd.org Subject: Re: ssh - restricted shell Message-ID: <200503301651.16100.danstemporaryaccount@yahoo.ca> In-Reply-To: <424B13EF.6050400@att.net> References: <424B13EF.6050400@att.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On March 30, 2005 04:02 pm, Duane Winner wrote: > Hello, > > Does anybody know the best technique to accomplish this: > > We have a server that we use for mostly internal development, and run an > SSH server. > > We have an outsider who we want to allow to ssh into this server and do > some work. > > However, because he is an outsider, we don't want him roaming around our > server, moving, looking, doing, or anything outside of his own home > directory. > > How can I restrict him to his own home directory? > > I thought I ran into instructions once for doing this, but I can't find > anything right now. > > Or was I thinking of scponly ? > > That might do it, except we do need to set him up to to run some scripts > within his home directory after he uploads stuff via scp. if you only want scp to work, then you can use this as the shell: /usr/lib/misc/sftp-server worked for me. however, if they need a shell, you'll have to chroot() the shell and i don't know how to do that. i've never bothered to learn 'cause i've heard that they're easy to break out of anyway. -- the reasonable man adapts himself to the world; the unreasonable man persists in trying to adapt the world to himself. therefore, all progress depends on the unreasonable man. - george bernard shaw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503301651.16100.danstemporaryaccount>