chroot-ing users coming in via SSH and/or SFTP?
Nigel Houghton
nigel at sourcefire.com
Mon Dec 20 14:23:50 PST 2004
On 0, Brett Glass <brett at lariat.org> allegedly wrote:
> At 02:23 PM 12/20/2004, Nigel Houghton wrote:
>
> >Is there something wrong with using the scponly shell for the users?
>
> Mainly that I hadn't heard of it until you mentioned it. ;-)
> Thank you! (I knew I could get a quick answer, if there was one,
> from the list.)
aha, ok, good.
> I just tried building it (twice, because the first time I didn't
> realize that it required a special variable to be defined before
> it would set itself up to chroot users). I'll be testing it shortly
> to be sure that the "jails" created by its sample script (which
> creates both the user ID and the jail) have everything needed for
> FreeBSD.
>
> It'd be nice if there were a more centralized "chroot" facility
> that covered SSH, FTP, and other things as well.
>
> --Brett
Take a look at the Jail project, you'll find it here...
http://www.jmcresearch.com/projects/jail/
..and in ports/sysutils/ along with some other jail tools, it may
provide some of the features you are looking for.
+-----------------------------------------------------------------+
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team
Stewie: You know, I rather like this God fellow. Very theatrical,
you know. Pestilence here, a plague there. Omnipotence
...gotta get me some of that.
More information about the freebsd-security
mailing list