[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting sftp/ssh login access


1.) Set users shell to /bin/false and add it to /etc/shells.
This will prevent ssh access for users, but allows ftp etc.

But what you are asking for is that (I think)
2.) http://chrootssh.sourceforge.net/index.php
Chroot your ssh for non-admin users by
 - patching ssh
 - replacing Users homedir from /home/username/ to /home/username/./
   (sshd recognizes "/./" at the end of the homedir and chroots that user
- build a "mini-system" in users homedir (necessary!). I played around with that but had not much success because I don't want to set up a *real* whole system for every user, because I would run in "apt-ing" probs. I had a look at busybox, which could solve that problem. If anyone knows how this works (login-shell with busybox-static + basic commands) please write a howto for me ;) !


Reply to: