Date: Thu, 15 Aug 2002 12:24:13 -0400
From: Ken Ebling
To: Philip Paeps
Cc: freebsd-security@freebsd.org
Subject: Re: Chroot environment for ssh
Message-ID: <20020815162413.GA5510@deevil.homeunix.org>
In-Reply-To: <20020815134341.GO1144@juno.paeps.cx>

Hi Philip,

I've found CHRSH to be very useful for chrooting shell accounts. The setup is
very picky (for obvious reasons) but it's not complicated.

http://www.aarongifford.com/computers/chrsh.html

Ken Ebling

On Thu, Aug 15, 2002 at 03:43:41PM +0200, Philip Paeps wrote:
> Hi guys -
>
> I'm in the process of setting up a form of fileserver, and I'd like for my
> users to be able to work only in their home directories, not anywhere else. I
> would like to use SSH for the connections, as opposed to FTP, but I don't want
> users to be able to log into an interactive shell (only SCP/SFTP) and I don't
> want them to 'escape' out of their home directories.
>
> Anyone have any ideas on how I'd go about doing this? I've been fiddling with
> chrsh (a 'chroot shell') but it's not really what I want.
>
> (I was debating with myself whether to post this on -questions or -security, I
> hope I chose wisely in the end).
>
> Thanks!
>
> - Philip
>
> --
> Philip Paeps
> philip@paeps.cx
> http://www.paeps.cx/
>
> +32 486 114 720