[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH access restrictions



http://www.grsecurity.net looks very interesting.

Another couple of jobs have popped up which I need to address first
so I don't tihink I'll be working on this 'til later in the week.

When I do I'll be sure to post an update to the list.

Many thanks to you all.
It would not be possible to come this far on my own without this list's assistance/advice.

Best regards

Marc Schiffbauer wrote:

* Rudi Starcevic schrieb am 19.10.03 um 04:30 Uhr:
Thanks Marc,

Thanks also to Russel.

I did it with pam_chroot which is really nice
Great - I'll start looking here.

Currently we only really offer FTP access but would like
to include SSH access too.

I know with the right permissions a user account cannot do
any damage but I would just like to prevent these people from
snooping around.

I want to allow users to be able to SSH in and use things
like Postgresql, mysql and cron but not read /etc/passwd or /etc/mail/virtusertable etc. etc.


additionally you may want to use the grsecurity Kernelpatch which
makes chroot() environments a lot more secure. Without this patch it
is not too difficult to break out of a chroot.


Reply to: