chroot SSH users.
krad
kraduk at googlemail.com
Mon Dec 28 15:49:59 UTC 2009
2009/12/28 Tijl Coosemans <tijl at coosemans.org>
> On Sunday 27 December 2009 18:16:47 krad wrote:
> > fairly easy if you read the man page 8) I wrote this howto for sun
> > boxes at work but it was using openssh so same rules should apply.
> > Make sure chroot support was compiled in though
> >
> > 1. Don't bother with sun ssh it won't work. Opensolaris and later solaris
> > 10 are bundled with openssh though.
> > 2. Make sure openssh version is 5 or above (some 4s do work but 5 better)
> > 3. Add these lines to sshd config
> >
> > Match Group sftponly
> > ChrootDirectory /home/chroot/%u
> > X11Forwarding no
> > AllowTcpForwarding no
> > ForceCommand internal-sftp
> >
> > 4. Make sure the Subsystem line is this
> >
> > Subsystem sftp internal-sftp
> >
> > 5. create the sftponly group on the system
> > 6. put the relevant users in this group. be careful as you will stop them
> > being able to ssh in!!
> > 7. Dead important this bit !!!
> >
> > mkdir -p /home/chroot/<user>/home/<user>/.ssh
> > chown -R root /home/chroot/<user>
> > chown -R <user> /home/chroot/<user>
>
> Shouldn't this line be:
> chown -R <user> /home/chroot/<user>/home/<user>
>
Strictly yes, I probably missed a step where I symlinked it, as I was copying
stuff from the shell history.
>
> > chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
> > ln -s /home/chroot/<user>/home/<user> /home/.
> >
> > 8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
> >
> > All should now work
>
>
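
Added example, not part of the original thread: the ownership in step 7 matters because sshd rejects a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or other, while the home directory inside it has to belong to the user so they can write there. The shell functions below audit that layout; the function names, the optional uid argument and the default base /home/chroot (taken from the howto's paths) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. Usage as root: audit_sftp_user USER

# check_dir DIR [UID]: DIR must be a directory owned by UID (default 0,
# root) with no group or other write bit. ls -ldn is parsed to avoid
# stat(1), whose options differ between systems.
check_dir() {
    dir=$1
    want=${2:-0}
    info=$(ls -ldn -- "$dir" 2>/dev/null | awk '{print $1, $3}')
    [ -n "$info" ] || { echo "FAIL $dir: cannot stat"; return 1; }
    mode=${info% *}
    owner=${info#* }
    case $mode in
        d*) ;;
        *) echo "FAIL $dir: not a directory ($mode)"; return 1 ;;
    esac
    case $mode in
        ?????w*|????????w*)
            echo "FAIL $dir: group/other writable ($mode)"; return 1 ;;
    esac
    [ "$owner" = "$want" ] ||
        { echo "FAIL $dir: owner uid $owner, want $want"; return 1; }
    echo "ok   $dir ($mode uid=$owner)"
}

# check_chroot_path PATH [UID]: apply check_dir to PATH and every parent
# up to /, reporting all failures. UID exists only so the walk can be
# tried without root (an assumption of this example).
check_chroot_path() {
    p=$(cd -P -- "$1" 2>/dev/null && pwd -P) ||
        { echo "FAIL $1: not a directory"; return 1; }
    rc=0
    while :; do
        check_dir "$p" "${2:-0}" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# audit_sftp_user USER [BASE]: the howto's layout. BASE/USER is the chroot
# (root-owned all the way up); BASE/USER/home/USER belongs to USER.
audit_sftp_user() {
    user=$1
    base=${2:-/home/chroot}
    uid=$(id -u "$user") || return 1
    check_chroot_path "$base/$user" || return 1
    check_dir "$base/$user/home/$user" "$uid"
}
```

Run as root after step 7, a FAIL line on /home/chroot/<user> owned by the user is the symptom of the chown ordering questioned in the reply above.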