Re: How to restrict ssh user to the home directory ?



I don't really feel it is possible... It goes a little bit outside
the perimeter of sshd here. You should look more on the system side, a
tool such as SELinux may be able to enforce this kind of possible.

(I don't think it is possible but I'm far from being 100% here, if
somebody disagrees with me, please do write it :) )

2009/4/21 J. Bakshi <bakshi12@xxxxxxxxx>

Dear list,

I am running a remote suse server and need to give ssh access to the users who can work on their particular web folder only. The version of ssh server is openssh-5.0p1-21.1

I have already done a huge Google search but could not find any sshd features which can restrict ssh users to their home directory. I have found some documentation where chroot or jailkit is used to achieve this, and these need some more configuration and obviously "chown root:root <home-folder>". But I need an option which simply restricts ssh users so that they can't browse beyond their home directory. It is also not possible to do "chown root:root <home-folder>" as the folders which are used as home directories are actually web folders under apache htdocs having apache permission. I don't need sftp but ssh access. Is it really impossible to have this feature through ssh technology?

Thanks



--
Romain PELISSE,
"The trouble with having an open mind, of course, is that people will
insist on coming along and trying to put things in it" -- Terry
Pratchett
http://belaran.eu/
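The "chown root:root" requirement mentioned in the quoted question matches the rule sshd_config(5) gives for `ChrootDirectory`: every component of the chroot path must be a root-owned directory that is not writable by group or others. The following check is an added example, not part of the original thread; the function names, the `stop_at` parameter and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def chroot_path_problems(path, owner_uid=0, stop_at=os.sep):
    """List (component, reason) pairs that break the ChrootDirectory rule.

    Walks from `path` up to `stop_at` (hypothetical parameter, default "/").
    owner_uid is 0 for a real check; it is a parameter only so the logic
    can be exercised on a test tree without root.
    """
    current = os.path.abspath(path)
    stop = os.path.abspath(stop_at)
    problems = []
    while True:
        st = os.stat(current)  # follows symlinks
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
        if st.st_uid != owner_uid:
            problems.append(
                (current, "owned by uid %d, not %d" % (st.st_uid, owner_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((current, "writable by group or others"))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent
    return problems

def build_sample_tree():
    """Constructed layout: <base>/jail (0755) containing htdocs (0775)."""
    base = tempfile.mkdtemp()
    jail = os.path.join(base, "jail")
    web = os.path.join(jail, "htdocs")
    os.makedirs(web)
    os.chmod(jail, 0o755)
    os.chmod(web, 0o775)  # group-writable, like a shared web folder
    return base, jail, web

if __name__ == "__main__":
    base, jail, web = build_sample_tree()
    me = os.getuid()  # stands in for root on the constructed tree
    for target in (jail, web):
        issues = chroot_path_problems(target, owner_uid=me, stop_at=base)
        print(target, "->", issues or "acceptable as a chroot path")
```

On the constructed tree the group-writable web folder fails the check while its parent passes, which is why a chroot setup usually points at a root-owned parent directory and leaves the writable web folder inside it.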


