Date: Thu, 15 Aug 2002 20:02:11 +0200
From: Philip Paeps
To: security@freebsd.org
Subject: Re: Chroot environment for ssh
Message-ID: <20020815180211.GC91830@juno.paeps.cx>

On 2002-08-15 19:36:10, Philip Paeps wrote:
> On 2002-08-15 17:15:01, Volker Kindermann wrote:
> > > I'm in the process of setting up a form of fileserver, and I'd like for
> > > my users to be able to work only in their home directories, not anywhere
> > > else. I would like to use SSH for the connections, as opposed to FTP,
> > > but I don't want users to be able to log into an interactive shell (only
> > > SCP/SFTP) and I don't want them to 'escape' out of their home
> > > directories.
> >
> > take a look at http://www.sublimation.org/scponly
>
> The name of it sounds just like what I want! I'll give this a go, thanks!

Okay, I've set it up, and my users are happily scp-only. That's most of the
problem solved.

> > scponly has a chroot-Mode but the setup is a little tricky.
>
> As long as it's not too burdensome to create new chrooted users, I'm
> perfectly happy with it :-)

This bit is still causing me a minor headache. The chroot script needs a bit
of hacking before it a) works properly on FreeBSD, b) works good enough to be
called from adduser or similar.

When I'm done with that fix I think I might as well submit it as a port. I
think it would do well in the ports collection!

 - Philip

-- 
Philip Paeps
philip@paeps.cx
http://www.paeps.cx/
+32 486 114 720