chroot-ing users coming in via SSH and/or SFTP?

Brett Glass brett at lariat.org
Mon Dec 20 14:11:54 PST 2004


At 02:23 PM 12/20/2004, Nigel Houghton wrote:

>Is there something wrong with using the scponly shell for the users?

Mainly that I hadn't heard of it until you mentioned it. ;-)
Thank you! (I knew I could get a quick answer, if there was one,
from the list.)

I just tried building it (twice, because the first time I didn't
realize that it required a special variable to be defined before 
it would set itself up to chroot users). I'll be testing it shortly
to be sure that the "jails" created by its sample script (which
creates both the user ID and the jail) have everything needed for 
FreeBSD.

It'd be nice if there were a more centralized "chroot" facility
that covered SSH, FTP, and other things as well.

--Brett




More information about the freebsd-security mailing list