2009/12/28 Tijl Coosemans <t...@coosemans.org> > On Sunday 27 December 2009 18:16:47 krad wrote: > > fairly easy if you read the man page 8) I wrote this howto for sun > > boxes at work but it was using openssh so same rules should apply. > > Make sure chroot support was compiled in though > > > > 1. Dont bother with sun ssh it wont work. Opensolaris and later > solaris > > 10 are bundled with openssh though. > > 2. Make sure openssh version is 5 or above (some 4s do work but 5 > better) > > 3. Add these lines to sshd config > > > > Match Group sftponly > > ChrootDirectory /home/chroot/%u > > X11Forwarding no > > AllowTcpForwarding no > > ForceCommand internal-sftp > > > > 4. Make sure the Subsystem line is this > > > > Subsystem sftp internal-sftp > > > > 5. create the sftponly group on the system > > 6. put the relevent users in this group. be careful as you will stop > them > > being able to ssh in!! > > 7. Dead important this bit !!! > > > > mkdir -p /home/chroot/<user>/home/<user>/.ssh > > chown -R root /home/chroot/<user> > > chown -R <user> /home/chroot/<user> > > Shouldn't this line be: > chown -R <user> /home/chroot/<user>/home/<user >
strictly yes I probably missed i step where i sym linked it as i was copying stuff from the shell history > > > chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user> > > ln -s /home/chroot/<user>/home/<user> /home/. > > > > 8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh > > > > All should now work > > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
