chroot SSH users.
Tijl Coosemans
tijl at coosemans.org
Mon Dec 28 09:28:55 UTC 2009
On Sunday 27 December 2009 18:16:47 krad wrote:
> fairly easy if you read the man page 8) I wrote this howto for sun
> boxes at work but it was using openssh so same rules should apply.
> Make sure chroot support was compiled in though
>
> 1. Don't bother with sun ssh it won't work. Opensolaris and later solaris
> 10 are bundled with openssh though.
> 2. Make sure openssh version is 5 or above (some 4s do work but 5 better)
> 3. Add these lines to sshd config
>
> Match Group sftponly
> ChrootDirectory /home/chroot/%u
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
>
> 4. Make sure the Subsystem line is this
>
> Subsystem sftp internal-sftp
>
> 5. create the sftponly group on the system
> 6. put the relevant users in this group. be careful as you will stop them
> being able to ssh in!!
> 7. Dead important this bit !!!
>
> mkdir -p /home/chroot/<user>/home/<user>/.ssh
> chown -R root /home/chroot/<user>
> chown -R <user> /home/chroot/<user>

Shouldn't this line be:
chown -R <user> /home/chroot/<user>/home/<user>

> chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
> ln -s /home/chroot/<user>/home/<user> /home/.
>
> 8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
>
> All should now work
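
Added example, not part of either post: sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or others, so the chroot root from step 7 has to stay owned by root and only the inner home directory can belong to the user. The Python sketch below audits a path against that rule; the user alice, uid 1001 and the function names are assumptions, and the sample tree is constructed.

```python
import os
import stat
import sys
from collections import namedtuple

# Stand-in for os.stat_result in the constructed sample tree below.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

def chroot_path_problems(path, stat_fn=os.stat):
    """List what would make sshd reject `path` as a ChrootDirectory: each
    component from / down must be a root-owned directory that is not
    writable by group or others."""
    problems = []
    current = "/"
    parts = [p for p in os.path.normpath(path).split("/") if p]
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        try:
            st = stat_fn(current)
        except OSError as exc:
            problems.append(f"{current}: cannot stat ({exc.strerror})")
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{current}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{current}: writable by group or others")
    return problems

def sample_tree(chroot_uid):
    """Constructed layout for a hypothetical user alice (uid 1001)."""
    d755 = stat.S_IFDIR | 0o755
    tree = {p: FakeStat(d755, 0) for p in ("/", "/home", "/home/chroot")}
    tree["/home/chroot/alice"] = FakeStat(d755, chroot_uid)

    def stat_fn(p):
        if p not in tree:
            raise FileNotFoundError(2, "No such file or directory", p)
        return tree[p]
    return stat_fn

if __name__ == "__main__":
    # Audit real paths given on the command line, e.g. /home/chroot/<user>.
    for target in sys.argv[1:]:
        for line in chroot_path_problems(target) or [f"{target}: ok"]:
            print(line)
```

The inner /home/chroot/<user>/home/<user> directory is not a component of the ChrootDirectory path, so it is not checked here and may be owned by the user.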