chroot-ing users coming in via SSH and/or SFTP?
DanGer
danger at wilbury.sk
Tue Dec 21 05:34:17 PST 2004
Hi Nigel,
Monday, December 20, 2004, 11:19:29 PM, si napisal:
> On 0, Brett Glass <brett at lariat.org> allegedly wrote:
>> At 02:23 PM 12/20/2004, Nigel Houghton wrote:
>>
>> >Is there something wrong with using the scponly shell for the users?
>>
>> Mainly that I hadn't heard of it until you mentioned it. ;-)
>> Thank you! (I knew I could get a quick answer, if there was one,
>> from the list.)
> aha, ok, good.
>> I just tried building it (twice, because the first time I didn't
>> realize that it required a special variable to be defined before
>> it would set itself up to chroot users). I'll be testing it shortly
>> to be sure that the "jails" created by its sample script (which
>> creates both the user ID and the jail) have everything needed for
>> FreeBSD.
>>
>> It'd be nice if there were a more centralized "chroot" facility
>> that covered SSH, FTP, and other things as well.
>>
>> --Brett
> Take a look at the Jail project, you'll find it here...
> http://www.jmcresearch.com/projects/jail/
> ..and in ports/sysutils/ along with some other jail tools, it may
> provide some of the features you are looking for.
> +-----------------------------------------------------------------+
> Nigel Houghton Research Engineer Sourcefire Inc.
> Vulnerability Research Team
> Stewie: You know, I rather like this God fellow. Very theatrical,
> you know. Pestilence here, a plague there. Omnipotence
> ...gotta get me some of that.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
maybe somebody should port this:
http://chrootssh.sourceforge.net/index.php
it seems good :-)
--
Sincerely
+----------==/\/\==----------+ (__) FreeBSD
| DanGer <danger at wilbury.sk> | \\\'',) The
| DanGer at IRCnet ICQ261701668 | \/ \ ^ Power
| http://danger.rulez.sk | .\._/_) To
+----------==\/\/==----------+ Serve
More information about the freebsd-security
mailing list