Date: Sun, 6 Jun 2004 23:38:55 -0700 (PDT) From: Doug Barton <DougB@FreeBSD.org> To: Dan Rue <drue@therub.org> Cc: "David E. Meier" <dev@eth0.ch> Subject: Re: [Freebsd-security] Re: Multi-User Security Message-ID: <20040606233720.F1850@ync.qbhto.arg> In-Reply-To: <20040520033024.GA26640@therub.org> References: <20040518160517.GA10067@therub.org> <OPEPILILPLAKPFCNKOKAGEGHCBAA.remko@elvandar.org> <20040520033024.GA26640@therub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 May 2004, Dan Rue wrote:
> You obviously havn't tried to chroot scponly users.. _that's_ the tricky
> part. Especially if you want it to scale up beyond a handful of users.
> If i'm wrong - fill me in i'd love to hear how to do it.
Have you considered using ~/.ssh/authorized_keys to restrict the account
from tty access? This would allow you to do commands (like scp) without
the risk of the user getting an actual shell.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040606233720.F1850>