chroot-ing users coming in via SSH and/or SFTP?

martin hudec corwin at aeternal.net
Mon Dec 20 13:27:16 PST 2004


Hello,

On Mon, Dec 20, 2004 at 02:23:02PM -0700 or thereabouts, Brett Glass wrote:
> The users depositing files on the server shouldn't be allowed to see what
> one another are doing or to grope around on the system, so it'd be a good
> idea to chroot them into home directories, as is commonly done with FTP.
> 
> However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to have a
> mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into a 
> specific directory. What is the most effective and elegant way to do this? I've 
> seen some crude patches that allow you to put a /. in the home directory specified
> in /etc/passwd, but these are specific to versions of the "portable" OpenSSH
> and none of the diffs seem to match FreeBSD's files exactly. 

     Go for /usr/ports/shells/scponly; it also has the ability to use
     chroot.


     	Cheers,

	Martin

-- 
martin hudec


   * 421 907 303 393
   * corwin at aeternal.net
   * http://www.aeternal.net

"Nothing travels faster than the speed of light with the possible 
exception of bad news, which obeys its own special laws."

   Douglas Adams, "The Hitchhiker's Guide to the Galaxy"