Re: Equilivant for a sshchroot file?
From: Brooks Davis (brooks_at_one-eyed-alien.net)
Date: 01/14/05
- Previous message: vvi tech: "Equilivant for a sshchroot file?"
- In reply to: vvi tech: "Equilivant for a sshchroot file?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 13 Jan 2005 17:54:47 -0800 To: vvi tech <tech@vvi.at>
On Thu, Jan 13, 2005 at 05:43:47PM -0800, vvi tech wrote:
> Hey guys I really have made use of the ftpchroot file in /etc but I wonder
> why is there no equivalent of that for ssh and telnet accounts? Basically
> simply limiting traversing the file system to specific shell users root.
It's a vastly different problem. With ftp, all you need to do is keep
the daemon and possiably a few external programs working. With ssh or
telnet, there's little point unless you can keep a set of applications
working. There are choot patches for ssh avaliable. Alternativly, you
can use jail(8) to seperate processes from each other.
One (debian specific)writeup on chrooted ssh:
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html
-- Brooks
-- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
- application/pgp-signature attachment: stored
- Previous message: vvi tech: "Equilivant for a sshchroot file?"
- In reply to: vvi tech: "Equilivant for a sshchroot file?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
