Re: SSH access restrictions
http://www.grsecurity.net looks very interesting.
Another couple of jobs have popped up which I need to address first
so I don't tihink I'll be working on this 'til later in the week.
When I do I'll be sure to post an update to the list.
Many thanks to you all.
It would not be possible to come this far on my own without this list's
Marc Schiffbauer wrote:
* Rudi Starcevic schrieb am 19.10.03 um 04:30 Uhr:
Thanks also to Russel.
I did it with pam_chroot which is really nice
Great - I'll start looking here.
Currently we only really offer FTP access but would like
to include SSH access too.
I know with the right permissions a user account cannot do
any damage but I would just like to prevent these people from
I want to allow users to be able to SSH in and use things
like Postgresql, mysql and cron but not read /etc/passwd or
/etc/mail/virtusertable etc. etc.
additionally you may want to use the grsecurity Kernelpatch which
makes chroot() environments a lot more secure. Without this patch it
is not too difficult to break out of a chroot.