Date: Thu, 15 Aug 2002 12:24:13 -0400 From: Ken Ebling <deevil@deevil.homeunix.org> To: Philip Paeps <philip@paeps.cx> Cc: freebsd-security@freebsd.org Subject: Re: Chroot environment for ssh Message-ID: <20020815162413.GA5510@deevil.homeunix.org> In-Reply-To: <20020815134341.GO1144@juno.paeps.cx> References: <20020815134341.GO1144@juno.paeps.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Philip, I've found CHRSH to be very useful for chrooting shell accounts. The setup is very picky (for obvious reasons) but it's not complicated. http://www.aarongifford.com/computers/chrsh.html Ken Ebling On Thu, Aug 15, 2002 at 03:43:41PM +0200, Philip Paeps wrote: > Hi guys - > > I'm in the process of setting up a form of fileserver, and I'd like for my > users to be able to work only in their home directories, not anywhere else. I > would like to use SSH for the connections, as opposed to FTP, but I don't want > users to be able to log into an interactive shell (only SCP/SFTP) and I don't > want them to 'escape' out of their home directories. > > Anyone have any ideas on how I'd go about doing this? I've been fiddling with > chrsh (a 'chroot shell') but it's not really what I want. > > (I was debating with myself whether to post this on -questions of -security, I > hope I chose wisely in the end). > > Thanks! > > - Philip > > -- > Philip Paeps > philip@paeps.cx > http://www.paeps.cx/ > > +32 486 114 720 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020815162413.GA5510>