chroot-ing users coming in via SSH and/or SFTP?

Nigel Houghton nigel at sourcefire.com
Mon Dec 20 14:23:50 PST 2004


On  0, Brett Glass <brett at lariat.org> allegedly wrote:
> At 02:23 PM 12/20/2004, Nigel Houghton wrote:
> 
> >Is there something wrong with using the scponly shell for the users?
> 
> Mainly that I hadn't heard of it until you mentioned it. ;-)
> Thank you! (I knew I could get a quick answer, if there was one,
> from the list.)

aha, ok, good.

> I just tried building it (twice, because the first time I didn't
> realize that it required a special variable to be defined before 
> it would set itself up to chroot users). I'll be testing it shortly
> to be sure that the "jails" created by its sample script (which
> creates both the user ID and the jail) have everything needed for 
> FreeBSD.
> 
> It'd be nice if there were a more centralized "chroot" facility
> that covered SSH, FTP, and other things as well.
> 
> --Brett

Take a look at the Jail project, you'll find it here...

 http://www.jmcresearch.com/projects/jail/

..and in ports/sysutils/ along with some other jail tools, it may 
provide some of the features you are looking for.

+-----------------------------------------------------------------+
    Nigel Houghton      Research Engineer       Sourcefire Inc.
                  Vulnerability Research Team

 Stewie: You know, I rather like this God fellow. Very theatrical, 
         you know. Pestilence here, a plague there. Omnipotence 
         ...gotta get me some of that.

