[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chroot and OpenSSH

> I don't have much experience with chroot, but I want to set up an SSH
> access for a user and restrict them to their home directory.
> 
> I've done a little research and found out that the commercial SSH2
> provides "ChRootUsers" and "ChRootGroups" configuration directives.
> While I suppose that I could install SSH2 because their licensing allows
> for free use with the Linux OS, I would rather stick with OpenSSH, which
> is what I'm using now.
> 
> According to the O'Reilly SSH book SSH2 is the only implementation of
> SSH with those directives built in.  I decided to poke around on the
> OpenSSH mailing lists to see if there was any discussion of adding a
> similar feature to OpenSSH and it looks like there is/was an unofficial
> patch in the CVS but it was never incorporated into the official OpenSSH
> distro and subsequently not in the Linux port of OpenSSH.  And I
> certainly don't know enough to try to port the patch myself.
> 
> Then I tried the following which probably indicates my ignorance of the
> Linux/SSH/login process, I tried changing  the user's shell: "/bin/bash"
> to a shell script with: usermod -s /bin/usr_login.sh which contained one line:
> 
> chroot /path/to/userhomedir /bin/bash
> 
> This fails, and I'm pretty sure that I know why, but I wanted to seek
> advice and guidance from those of you who might have experience with
> this before proceeding.

Did you add '/bin/usr_login.sh' to /etc/shells?

> Thanks in advance,
> 
> eirik

-- 
Aaron Ghent.

You're not going crazy!  
You're going sane... 
In a crazy world!
                 -- The Tick
Reply to: