
Re: restricting sftp/ssh login access



Hi,

It sounds to me like you are looking for a chroot jail for some users.
apt-get install jailer
( jailer - Builds and maintains chrooted environments )

You will need to run a special daemon (jk_socketd) to log users into the jail, but that is about the hardest part. I'll post my startup script if you would like.

Mark

p.s. If this were my machine, I would turn off ftp and only allow sftp, btw.




Andreas John wrote:

Hi!

1.) Set the user's shell to /bin/false and add it to /etc/shells.
This will prevent ssh access for users, but allows ftp etc.

But what you are asking for is that (I think)
2.) http://chrootssh.sourceforge.net/index.php
Chroot your ssh for non-admin users by
 - patching ssh
 - replacing the user's homedir from /home/username/ to /home/username/./
   (sshd recognizes "/./" at the end of the homedir and chroots that user)
 - building a "mini-system" in the user's homedir (necessary!). I played around with that but did not have much success because I don't want to set up a *real* whole system for every user, because I would run into "apt-ing" problems. I had a look at busybox, which could solve that problem. If anyone knows how this works (login-shell with busybox-static + basic commands) please write a howto for me ;) !

rgds,
Andreas
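
Added example (not part of either message above): a POSIX sh audit of passwd-style entries for the two settings discussed in the thread, the /bin/false shell listed in /etc/shells and the "/./" homedir marker read by the patched sshd. The function names, class labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# audit_logins PASSWD_FILE SHELLS_FILE
# Prints one line per account: name, class, home and shell.
#   no-ssh          shell is /bin/false and /bin/false is listed in SHELLS_FILE
#   false-unlisted  shell is /bin/false but it is missing from SHELLS_FILE
#   chroot-marked   homedir carries the "/./" marker described in the thread
#   full-shell      none of the above: unrestricted login shell
audit_logins() {
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r name _pw _uid _gid _gecos home shell || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        # An empty shell field means /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        case $shell in
            /bin/false)
                # Whole-line, fixed-string match against the shells file.
                if grep -qxF -- "$shell" "$shells_file"; then
                    class=no-ssh
                else
                    class=false-unlisted
                fi ;;
            *)
                case $home in
                    */./*) class=chroot-marked ;;
                    *)     class=full-shell ;;
                esac ;;
        esac
        printf '%s %s home=%s shell=%s\n' "$name" "$class" "$home" "$shell"
    done < "$passwd_file"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data, not taken from a real system.
    cat > "$dir/passwd" <<'EOF'
admin:x:1000:1000::/home/admin:/bin/bash
alice:x:1001:1001::/home/alice:/bin/false
bob:x:1002:1002::/home/bob/./:/bin/bash
EOF
    printf '%s\n' /bin/sh /bin/bash /bin/false > "$dir/shells"
    audit_logins "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}
demo
```

On a live system the call would be audit_logins /etc/passwd /etc/shells; any account reported as full-shell that is not an admin account is one the restrictions in this thread have not reached.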