Limitting SSH access
kraduk at gmail.com
Wed May 4 15:27:09 UTC 2011
On 4 May 2011 12:47, Balázs Mátéffy <repcsike at gmail.com> wrote:
> On 4 May 2011 13:35, Matthew Seaman <m.seaman at infracaninophile.co.uk>
> > On 04/05/2011 10:08, Jack Raats wrote:
> > > I have a question concerning SSH op a FreeBSD 7.4-STABLE server.
> > >
> > > Is it possible to limit the SSH access?
> > > I want t o restrict a user to his own home directory.
> > > So that if he connects to the server with SSH he only can go to his own
> > home dir.
> > > Also the same for sftp...
> > >
> > I believe you will need to install a version of OpenSSH from ports to
> > get that functionality. It's the CHROOT config option in
> > security/openssh-portable
> > Cheers
> > Matthew
> > --
> > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
> > Flat 3
> > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
> > JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
> It should work with the base openssh on 7.4. Check your version with sshd
> Here, search for chroot(or use google :)):
> Regarding ssh login, I usually use "rbash" from the ports, that restricts
> the user from leaving his or her home directory!
> Balazs Mateffy.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
if you want them to be able to get a shell ether then sftp prompt then you
will have to go for the rbash option. If you chroot the shell to their home
dir they wont have access to any system binaries so wont be able to 'ls' for
Having said that you could build a tree of all the binaries they need along
with all the dependent libraries. This would get a bit cumbersome and
wasteful of disk space for lots of users though. You might be better off
More information about the freebsd-questions