there is better alternative w/o need to breaking ssh down:
An alternative to jailkit is chrsh http://www.adg.us/computers/chrsh.html it also does not require changing any code in ssh, it is a chroot jail wrapper, invoked by setting user's shell to the wrapper. (warning - warning - if you include any setuid application like ping in the jail, the user can obtain root priviledges) (think carefully before trying to chroot an ssh/sftp/scp login) Ben Goren did an unofficial port that seems to not have been updated recently so it may not make with recent versions of OpenBSD without modification, we posted notes on misc about thatthis year. Ben's site: http://www.trumpetpower.com/pub/OpenBSD_ports/chrsh-1.0b2.tgz (i'd say google the notes, but for some reason I checked and google was not finding recent misc postings very well for chrsh, so I searched the MARC misc archives ...) recent postings to misc about chrsh http://marc.theaimsgroup.com/?l=openbsd-misc&m=113570342808678&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=113570856221149&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=113934124611066&w=2
