Re: How to restrict ssh user to the home directory ?



On Tue, Apr 21, 2009 at 9:25 AM, J. Bakshi <bakshi12@xxxxxxxxx> wrote:
Dear list,

I am running a remote suse server and need to give ssh access to the
users who can work on their particular web folder only. The version of
ssh server is openssh-5.0p1-21.1

I have already did huge google search but could not find any sshd
features which can allow ssh users to restrict them in their home directory.
I have found some documentations where chroot or jailkit is used to
achieve this and these need some more configuration and obviously
"chown root:root <home-folder>" . But I need an option which simply
restrict ssh users so that they can't browse beyond their home directory.
It is also not possible to do "chown root:root <home-folder>" as the
folders which are used as home directory are actually web folder under
apache htdocs having apache permission.  I don't need sftp but ssh
access. Is it really impossible to have this feature through ssh technology ?

Thanks


Short answer, "no."

Long answer...

ssh forks the user's login shell, when not using sftp. Because ssh is just a
transport, not a shell, you would need to look into some sort of restricted
shell as the user's login shell, or go all out with a chroot environment that
encapsulates a normal shell.

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri