From owner-freebsd-questions@FreeBSD.ORG Mon Nov 24 06:20:23 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E61A616A4CF for ; Mon, 24 Nov 2003 06:20:23 -0800 (PST) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id B786643FDD for ; Mon, 24 Nov 2003 06:20:22 -0800 (PST) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.no-ip.com ([66.30.200.37]) by comcast.net (rwcrmhc11) with ESMTP id <2003112414202201300ij0bce>; Mon, 24 Nov 2003 14:20:22 +0000 Received: by be-well.no-ip.com (Postfix, from userid 1147) id C85186D; Mon, 24 Nov 2003 09:20:21 -0500 (EST) Sender: lowell@be-well.ilk.org To: "Sunil Sunder Raj" References: From: Lowell Gilbert Date: 24 Nov 2003 09:20:21 -0500 In-Reply-To: Message-ID: <44llq5sva2.fsf@be-well.ilk.org> Lines: 9 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: shrikant@corp.123india.com cc: freebsd-questions@FreeBSD.ORG Subject: Re: Restricting SSH access to only a users home directory..... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@FreeBSD.ORG List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Nov 2003 14:20:24 -0000 "Sunil Sunder Raj" writes: > This depends on the shell not ssh configuration. Install rbash and > assign it to the user having ssh access. Just remember that "restricted" shells like rbash are not very hard to break out of, so you can't rely on them as a security measure. It's a good way to go if you're mostly trying to avoid confusing the user in question, or as a protection against shooting yourself in the foot.