On Wed, 20 Feb 2008 14:02:34 -0500, LeRoy, Ted wrote > I'm taking a class on system security. We're in teams and we have to > allow attacking teams ssh access to our devices. > > I'd like to limit the user account access for the other groups, > permitting them a shell and a few commands, but no ability to browse > the box or do things like cat or cp /etc/passwd. > > I'm running OpenBSD 4.2 on the server they'll be attacking. I'm an > OpenBSD noob. Learning under fire. > > If someone can help me figure out whether using ssh_config, chroot, > or just using permissions will be the easiest, most effective way > to go about it, and how to proceed, it will be much appreciated. Alternatives > would be great too. > > Thanks! > > Ted LeRoy
Ted, A new sftp chroot restriction environment is now available in -current; you may find the discussion at the OpenBSD Journal helpful: http://undeadly.org/cgi?action=article&sid=20080220110039
