From owner-freebsd-security Thu Aug 15 10:35:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3651C37B400 for ; Thu, 15 Aug 2002 10:35:42 -0700 (PDT) Received: from eos.telenet-ops.be (eos.telenet-ops.be [195.130.132.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8BA643E7B for ; Thu, 15 Aug 2002 10:35:41 -0700 (PDT) (envelope-from philip@paeps.cx) Received: from localhost (localhost.localdomain [127.0.0.1]) by eos.telenet-ops.be (Postfix) with SMTP id C491D203F0 for ; Thu, 15 Aug 2002 19:35:40 +0200 (CEST) Received: from fortuna.home.paeps.cx (D5768732.kabel.telenet.be [213.118.135.50]) by eos.telenet-ops.be (Postfix) with ESMTP id B4D89202DC for ; Thu, 15 Aug 2002 19:35:40 +0200 (CEST) Received: from juno.home.paeps.cx (juno [10.0.0.2]) by fortuna.home.paeps.cx (Postfix) with ESMTP id 94CB0784 for ; Thu, 15 Aug 2002 19:35:40 +0200 (CEST) Received: by juno.home.paeps.cx (Postfix, from userid 1001) id 7EE897EA; Thu, 15 Aug 2002 19:35:40 +0200 (CEST) Date: Thu, 15 Aug 2002 19:35:40 +0200 From: Philip Paeps To: security@freebsd.org Subject: Re: Chroot environment for ssh Message-ID: <20020815173540.GB91830@juno.paeps.cx> Mail-Followup-To: security@freebsd.org References: <20020815134341.GO1144@juno.paeps.cx> <20020815160102.11f7c27b.freebsd@secspace.de> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: <20020815160102.11f7c27b.freebsd@secspace.de> X-Message-Flag: Get yourself a real mail client. Try Mutt: User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2002-08-15 17:15:01, Volker Kindermann wrote: > > I'm in the process of setting up a form of fileserver, and I'd like for my > > users to be able to work only in their home directories, not anywhere > > else. I would like to use SSH for the connections, as opposed to FTP, but > > I don't want users to be able to log into an interactive shell (only > > SCP/SFTP) and I don't want them to 'escape' out of their home directories. > > take a look at http://www.sublimation.org/scponly The name of it sounds just like what I want! I'll give this a go, thanks! > scponly has a chroot-Mode but the setup is a little tricky. As long as it's not too burdensome to create new chrooted users, I'm perfectly happy with it :-) Thanks for the tip! - Philip -- Philip Paeps philip@paeps.cx http://www.paeps.cx/ +32 486 114 720 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message