Re: How to restrict ssh user to the home directory ?



On Tue, Apr 21, 2009 at 9:25 AM, J. Bakshi <bakshi12@xxxxxxxxx> wrote:
Dear list,

I am running a remote suse server and need to give ssh access to the
users who can work on their particular web folder only. The version of
ssh server is openssh-5.0p1-21.1

I have already done a huge Google search but could not find any sshd
feature which can restrict ssh users to their home directory.
I have found some documentation where chroot or jailkit is used to
achieve this, and these need some more configuration and obviously
"chown root:root <home-folder>". But I need an option which simply
restricts ssh users so that they can't browse beyond their home directory.
It is also not possible to do "chown root:root <home-folder>" as the
folders which are used as home directories are actually web folders under
apache htdocs having apache permission.  I don't need sftp but ssh
access. Is it really impossible to have this feature through ssh technology?

Thanks


Short answer, "no."

Long answer...

ssh forks the user's login shell, when not using sftp. Because ssh is just a
transport, not a shell, you would need to look into some sort of restricted
shell as the user's login shell, or go all out with a chroot environment that
encapsulates a normal shell.

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri
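
An added example, not part of the original post: the reply's first option, a restricted login shell, probed with bash's restricted mode (`bash -r`, which is what `rbash` invokes). It reports which operations that mode blocks and which it leaves alone; every path is a constructed temporary directory and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. All paths are constructed temp directories, not real accounts.
BASH_BIN=$(command -v bash)   # absolute path, since PATH is replaced below

# Run one command line in restricted bash (bash -r, same as rbash) with
# $1 as home and working directory. Returns the restricted shell's exit status.
rbash_try() {
    ( cd "$1" && env -i HOME="$1" PATH="$1/bin" \
        "$BASH_BIN" --noprofile --norc -r -c "$2" ) >/dev/null 2>&1
}

# Build a constructed layout: <root>/home/webuser (the "home") and
# <root>/outside/other.txt (a file outside that home). Prints <root>.
make_layout() {
    root=$(mktemp -d)
    mkdir -p "$root/home/webuser/bin" "$root/home/webuser/sub" "$root/outside"
    echo "outside-data" > "$root/outside/other.txt"
    echo "$root"
}

report() {  # report <home> <label> <command>
    if rbash_try "$1" "$3"; then echo "ALLOWED  $2"; else echo "BLOCKED  $2"; fi
}

main() {
    root=$(make_layout); home="$root/home/webuser"
    report "$home" "cd to /"                   'cd /'
    report "$home" "cd inside home"            'cd sub'
    report "$home" "change PATH"               'PATH=/bin:/usr/bin'
    report "$home" "command name with a slash" '/bin/ls'
    report "$home" "redirect output"           'echo x > note.txt'
    report "$home" "read file outside home"    "read -r l < '$root/outside/other.txt'"
    rm -rf "$root"
}
main
```

The last check is the caveat for this thread: restricted mode stops `cd` but not opening a file by path, so limiting what a user can read still depends on file permissions or a chroot.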


