chroot-ing users coming in via SSH and/or SFTP?

martin hudec corwin at
Mon Dec 20 13:27:16 PST 2004


On Mon, Dec 20, 2004 at 02:23:02PM -0700 or thereabouts, Brett Glass wrote:
> The users depositing files on the server shouldn't be allowed to see what
> one another are doing or to grope around on the system, so it'd be a good
> idea to chroot them into home directories, as is commonly done with FTP.
> However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to have a
> mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into a 
> specific directory. What is the most effective and elegant way to do this? I've 
> seen some crude patches that allow you to put a /. in the home directory specified
> in /etc/passwd, but these are specific to versions of the "portable" OpenSSH
> and none of the diffs seem to match FreeBSD's files exactly. 

     go for /usr/ports/shells/scponly, it also has ability to use



martin hudec

   * 421 907 303 393
   * corwin at

"Nothing travels faster than the speed of light with the possible 
exception of bad news, which obeys its own special laws."

   Douglas Adams, "The Hitchhiker's Guide to the Galaxy"

More information about the freebsd-security mailing list