Hi, I don't exactly like the idea of having to setup a "mini-system" in everybodies home dir, so maybe the Jailkit will be the answer.(?) Somehow I'm a little surprised that the OpenSSH project hasn't provided this feature in SSH and sftp that I'm looking for. Maybe somebody knows the reason why? I think my next e-mail will be to the OpenSSH project ;-)
Thanks, Robert ----- Original Message ----- From: "Andreas John" <[EMAIL PROTECTED]> To: <debian-isp@lists.debian.org> Cc: "Robert Cates" <[EMAIL PROTECTED]> Sent: Monday, June 28, 2004 2:28 PM Subject: Re: restricting sftp/ssh login access > Hi! > > 1.) Set users shell to /bin/false and add it to /etc/shells. > This will prevent ssh access for users, but allows ftp etc. > > But what you are asking for is that (I think) > 2.) http://chrootssh.sourceforge.net/index.php > Chroot your ssh for non-admin users by > - patching ssh > - replacing Users homedir from /home/username/ to /home/username/./ > (sshd recognizes "/./" at the end of the homedir and chroots that user > - build a "mini-system" in users homedir (necessary!). I played around > with that but had not much success because I don't want to set up a > *real* whole system for every user, because I would run in "apt-ing" > probs. I had a look at busybox, which could solve that problem. > If anyone knows how this works (login-shell with busybox-static + basic > commands) please write a howto for me ;) ! > > rgds, > Andreas > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
