Re: restricting sftp/ssh login access

To: debian-isp@lists.debian.org
Cc: Robert Cates <robert@kormar.de>
Subject: Re: restricting sftp/ssh login access
From: Andreas John <lists@aj.net-lab.net>
Date: Mon, 28 Jun 2004 14:28:14 +0200
Message-id: <[🔎] 40E00EDE.1090401@aj.net-lab.net>
In-reply-to: <[🔎] 004e01c45cf9$144d2a30$0d01a8c0@kormar.net>
References: <[🔎] 004e01c45cf9$144d2a30$0d01a8c0@kormar.net>

Hi!

1.) Set users shell to /bin/false and add it to /etc/shells.
This will prevent ssh access for users, but allows ftp etc.

But what you are asking for is that (I think)
2.) http://chrootssh.sourceforge.net/index.php
Chroot your ssh for non-admin users by
 - patching ssh
 - replacing Users homedir from /home/username/ to /home/username/./
   (sshd recognizes "/./" at the end of the homedir and chroots that user

- build a "mini-system" in users homedir (necessary!). I played aroundwith that but had not much success because I don't want to set up a*real* whole system for every user, because I would run in "apt-ing"probs. I had a look at busybox, which could solve that problem.If anyone knows how this works (login-shell with busybox-static + basiccommands) please write a howto for me ;) !


rgds,
Andreas

Reply to:

Follow-Ups:
- Re: restricting sftp/ssh login access
  - From: MB <sparkynine@yahoo.com>
- Re: restricting sftp/ssh login access
  - From: "Robert Cates" <robert@kormar.de>

References:
- restricting sftp/ssh login access
  - From: "Robert Cates" <robert@kormar.de>

Prev by Date: Re: restricting sftp/ssh login access
Next by Date: SCSI Controller for Linux
Previous by thread: Re: restricting sftp/ssh login access
Next by thread: Re: restricting sftp/ssh login access
Index(es):
- Date
- Thread