From: Derek Ragona
To: "Thiago Esteves de Oliveira", freebsd-questions@freebsd.org
Date: Tue, 10 Apr 2007 11:03:26 -0500
Subject: Re: Chroot/jail mechanism in ssh and sftp connections

At 10:28 AM 4/10/2007, Thiago Esteves de Oliveira wrote:
>Hello,
>
>I want to use the chroot/jail mechanism in user's ssh and sftp
>connections. I've read some tutorials and possible solutions to
>jail/chroot the users into their own home directories. One is
>to install the openssh-portable (with chroot option turned on) from the
>ports collection.
>
>I've installed the openssh-portable, but the jail/chroot mechanism didn't
>work.
>I think it requires some configuration in its sshd_config file, but I'm
>not sure because I have found nothing about jail/chroot in the
>openssh (sshd_config) man pages.

I have implemented a similar setup using vsftpd from the ports. It works well for secure ftp when used with the filezilla client. You can limit the ftp command in the vsftpd configuration file so users cannot get out of their home directories, which chroots them there.

You do need to add one thing to the accounts, which is to change their home directory in /etc/passwd adding an additional dot. For instance if a user's home directory is:
/home/user

You'd need to change it to:
/home/./user

vsftpd is well documented and relatively easy to get set up and running.

         -Derek
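
An added example, not part of the original message: a shell script that reads passwd(5)-format lines and reports the jail each home-directory field implies. It assumes vsftpd runs with chroot_local_user=YES and passwd_chroot_enable=YES, where per vsftpd.conf(5) the part of the home string before "/./" is the jail location; the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: vsftpd with chroot_local_user=YES and passwd_chroot_enable=YES.

# jail_report [FILE] -> "user<TAB>jail_root<TAB>start_dir" per account.
# Reads standard input when no file is given.
jail_report() {
    awk -F: '
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            home = $6
            i = index(home, "/./")
            if (i > 0) {
                root  = substr(home, 1, i - 1)    # text before the marker
                start = "/" substr(home, i + 3)   # directory inside the jail
            } else {
                root  = home             # no marker: the home itself is the jail
                start = "/"
            }
            printf "%s\t%s\t%s\n", $1, root, start
        }' "$@"
}

# shared_jails [FILE] -> "jail_root<TAB>user,user,..." for every jail root
# that more than one account lands in.
shared_jails() {
    jail_report "$@" | awk -F'\t' '
        { n[$2]++; users[$2] = (users[$2] == "" ? $1 : users[$2] "," $1) }
        END { for (r in n) if (n[r] > 1) printf "%s\t%s\n", r, users[r] }'
}

# Constructed sample in passwd(5) format (not real accounts).
sample_passwd() {
    cat <<'EOF'
# constructed sample
alice:*:1001:1001:Alice:/home/./alice:/usr/sbin/nologin
bob:*:1002:1002:Bob:/home/bob:/usr/sbin/nologin
carol:*:1003:1003:Carol:/home/./carol:/usr/sbin/nologin
EOF
}

# Run on the file given as $1, otherwise on the constructed sample.
if [ $# -gt 0 ]; then jail_report "$1"; else sample_passwd | jail_report; fi
```

Accounts listed together by shared_jails sit in the same jail root, so separation between them rests on the directory permissions under that root.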