Re[2]: chroot-ing users coming in via SSH and/or SFTP?

From: DanGer (danger_at_wilbury.sk)
Date: 12/21/04

Next message: Gerhard Schmidt: "Re: Strange command histories in hacked shell history"

Previous message: Marton Kenyeres: "Re: chroot-ing users coming in via SSH and/or SFTP?"
In reply to: Nigel Houghton: "Re: chroot-ing users coming in via SSH and/or SFTP?"
Next in thread: David E. Meier: "Re: Re[2]: chroot-ing users coming in via SSH and/or SFTP?"
Reply: David E. Meier: "Re: Re[2]: chroot-ing users coming in via SSH and/or SFTP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 21 Dec 2004 14:33:48 +0100
To: Nigel Houghton <nigel@sourcefire.com>, freebsd-security@freebsd.org

Hi Nigel,

Monday, December 20, 2004, 11:19:29 PM, si napisal:

> On 0, Brett Glass <brett@lariat.org> allegedly wrote:
>> At 02:23 PM 12/20/2004, Nigel Houghton wrote:
>>
>> >Is there something wrong with using the scponly shell for the users?
>>
>> Mainly that I hadn't heard of it until you mentioned it. ;-)
>> Thank you! (I knew I could get a quick answer, if there was one,
>> from the list.)

> aha, ok, good.

>> I just tried building it (twice, because the first time I didn't
>> realize that it required a special variable to be defined before
>> it would set itself up to chroot users). I'll be testing it shortly
>> to be sure that the "jails" created by its sample script (which
>> creates both the user ID and the jail) have everything needed for
>> FreeBSD.
>>
>> It'd be nice if there were a more centralized "chroot" facility
>> that covered SSH, FTP, and other things as well.
>>
>> --Brett

> Take a look at the Jail project, you'll find it here...

> http://www.jmcresearch.com/projects/jail/

> ..and in ports/sysutils/ along with some other jail tools, it may
> provide some of the features you are looking for.

> +-----------------------------------------------------------------+
> Nigel Houghton Research Engineer Sourcefire Inc.
> Vulnerability Research Team

> Stewie: You know, I rather like this God fellow. Very theatrical,
> you know. Pestilence here, a plague there. Omnipotence
> ...gotta get me some of that.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"

maybe somebody should port this:

http://chrootssh.sourceforge.net/index.php

it seems good :-)

-- 
Sincerely
+----------==/\/\==----------+       (__)      FreeBSD
| DanGer <danger@wilbury.sk> |    \\\'',)      The
| DanGer@IRCnet ICQ261701668 |      \/  \ ^    Power
|   http://danger.rulez.sk   |      .\._/_)    To
+----------==\/\/==----------+                 Serve
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Gerhard Schmidt: "Re: Strange command histories in hacked shell history"

Previous message: Marton Kenyeres: "Re: chroot-ing users coming in via SSH and/or SFTP?"
In reply to: Nigel Houghton: "Re: chroot-ing users coming in via SSH and/or SFTP?"
Next in thread: David E. Meier: "Re: Re[2]: chroot-ing users coming in via SSH and/or SFTP?"
Reply: David E. Meier: "Re: Re[2]: chroot-ing users coming in via SSH and/or SFTP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]