Limitting SSH access
Chris Rees
utisoft at gmail.com
Wed May 4 16:37:06 UTC 2011
2011/5/4 Peter Vereshagin <peter at vereshagin.org>:
> Wake me up when September ends, freebsd-questions!
> 2011/05/04 16:47:33 +0100 Chris Rees <utisoft at gmail.com> => To krad :
> CR> > > > > Is it possible to limit the SSH access?
> CR> > > Regarding ssh login, I usually use "rbash" from the ports, that
> CR> restricts
> CR> Or you could have a special /bin-restricted that you nullfs mount into
> CR> ~userN/bin.
>
>
> I personally should like to have a quick recipe on how to create such a limited
> set of binaries ( libraries, mans, etc., each mounted with nullfs read-only to
> every such a user's home ) from the 'world' build.
> Some options like the rsync I consider to be a must in some cases so this
> should include the ports availability, isn't it?
>
Hehe, big can of worms here. Plenty of opportunity to break out of a
chroot, as well as the fact that it's largely discredited as a
security mechanism [1].
Someone mentioned Jails earlier, probably a better idea.
Chris
[1] http://kerneltrap.org/Linux/Abusing_chroot
More information about the freebsd-questions
mailing list