chroot-ing users coming in via SSH and/or SFTP?

DanGer danger at wilbury.sk
Tue Dec 21 05:34:17 PST 2004


Hi Nigel,

Monday, December 20, 2004, 11:19:29 PM, you wrote:

> On  0, Brett Glass <brett at lariat.org> allegedly wrote:
>> At 02:23 PM 12/20/2004, Nigel Houghton wrote:
>> 
>> >Is there something wrong with using the scponly shell for the users?
>> 
>> Mainly that I hadn't heard of it until you mentioned it. ;-)
>> Thank you! (I knew I could get a quick answer, if there was one,
>> from the list.)

> aha, ok, good.

>> I just tried building it (twice, because the first time I didn't
>> realize that it required a special variable to be defined before 
>> it would set itself up to chroot users). I'll be testing it shortly
>> to be sure that the "jails" created by its sample script (which
>> creates both the user ID and the jail) have everything needed for 
>> FreeBSD.
>> 
>> It'd be nice if there were a more centralized "chroot" facility
>> that covered SSH, FTP, and other things as well.
>> 
>> --Brett

> Take a look at the Jail project, you'll find it here...

>  http://www.jmcresearch.com/projects/jail/

> ..and in ports/sysutils/ along with some other jail tools, it may 
> provide some of the features you are looking for.

> +-----------------------------------------------------------------+
>     Nigel Houghton      Research Engineer       Sourcefire Inc.
>                   Vulnerability Research Team

>  Stewie: You know, I rather like this God fellow. Very theatrical, 
>          you know. Pestilence here, a plague there. Omnipotence 
>                                  ...gotta get me some of that.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"

maybe somebody should port this:

http://chrootssh.sourceforge.net/index.php

it seems good :-)

-- 
Sincerely

+----------==/\/\==----------+       (__)      FreeBSD
| DanGer <danger at wilbury.sk> |    \\\'',)      The
| DanGer at IRCnet ICQ261701668 |      \/  \ ^    Power
|   http://danger.rulez.sk   |      .\._/_)    To
+----------==\/\/==----------+                 Serve


