chroot-ing users coming in via SSH and/or SFTP?
corwin at aeternal.net
Mon Dec 20 13:27:16 PST 2004
On Mon, Dec 20, 2004 at 02:23:02PM -0700 or thereabouts, Brett Glass wrote:
> The users depositing files on the server shouldn't be allowed to see what
> one another are doing or to grope around on the system, so it'd be a good
> idea to chroot them into home directories, as is commonly done with FTP.
> However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to have a
> mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into a
> specific directory. What is the most effective and elegant way to do this? I've
> seen some crude patches that allow you to put a /. in the home directory specified
> in /etc/passwd, but these are specific to versions of the "portable" OpenSSH
> and none of the diffs seem to match FreeBSD's files exactly.
go for /usr/ports/shells/scponly, it also has ability to use
* 421 907 303 393
* corwin at aeternal.net
"Nothing travels faster than the speed of light with the possible
exception of bad news, which obeys its own special laws."
Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20041220/4ec844bb/attachment.bin
More information about the freebsd-security