[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting sftp/ssh login access


I don't exactly like the idea of having to setup a "mini-system" in
everybodies home dir, so maybe the Jailkit will be the answer.(?)  Somehow
I'm a little surprised that the OpenSSH project hasn't provided this feature
in SSH and sftp that I'm looking for.  Maybe somebody knows the reason why?
I think my next e-mail will be to the OpenSSH project ;-)

----- Original Message ----- 
From: "Andreas John" <lists@aj.net-lab.net>
To: <debian-isp@lists.debian.org>
Cc: "Robert Cates" <robert@kormar.de>
Sent: Monday, June 28, 2004 2:28 PM
Subject: Re: restricting sftp/ssh login access

> Hi!
> 1.) Set users shell to /bin/false and add it to /etc/shells.
> This will prevent ssh access for users, but allows ftp etc.
> But what you are asking for is that (I think)
> 2.) http://chrootssh.sourceforge.net/index.php
> Chroot your ssh for non-admin users by
>   - patching ssh
>   - replacing Users homedir from /home/username/ to /home/username/./
>     (sshd recognizes "/./" at the end of the homedir and chroots that user
>   - build a "mini-system" in users homedir (necessary!). I played around
> with that but had not much success because I don't want to set up a
> *real* whole system for every user, because I would run in "apt-ing"
> probs. I had a look at busybox, which could solve that problem.
> If anyone knows how this works (login-shell with busybox-static + basic
> commands) please write a howto for me ;) !
> rgds,
> Andreas
> -- 
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact

Reply to: