Re: How to restrict ssh user to the home directory ?



i a long time read that is possible

this link show how to, are in spanish, but i remenber already in english guide.


http://www.linuxparatodos.net/portal/staticpages/index.php?page=como-openssh-chroot

good luck!

--------------------------------------------------
From: "Romain Pelisse" <belaran@xxxxxxxxx>
Sent: Thursday, April 23, 2009 11:07 AM
To: <secureshell@xxxxxxxxxxxxxxxxx>
Subject: Re: How to restrict ssh user to the home directory ?

I don't really feell it is possible... It goes a little bit outside
the perimeter of sshd here. You should look more on the system side, a
tool such as SELinux may be able to enforce this kind of possible.

(i don't think it is possible but i'm far from being 100% here, if
somebody disagree with me, please do write it :) )

2009/4/21 J. Bakshi <bakshi12@xxxxxxxxx>

Dear list,

I am running a remote suse server and need to give ssh access to the users who can work on their particular web folder only. The version of ssh server is openssh-5.0p1-21.1

I have already did huge google search but could not find any sshd features which can allow ssh users
to restrict them in their home directory. I have found some documentations where chroot or jailkit is used to achieve this and
these need some more configuration and obviously "chown root:root <home-folder>" . But I need an option which simply restrict ssh users so that they can't browse beyond their home directory. It is also not possible to do "chown root:root <home-folder>" as the folders which are used as home directory are actually web folder under apache htdocs having apache permission. I don't need sftp but ssh access. Is it really impossible to have this feature through ssh technology ?

Thanks



--
Romain PELISSE,
"The trouble with having an open mind, of course, is that people will
insist on coming along and trying to put things in it" -- Terry
Pratchett
http://belaran.eu/




Relevant Pages

  • Re: X11Forwarding, ssh -X, and /bin/su
    ... ]>but I'm not really tunneled using ssh then, ... ]connecting to the X server and have the home directory NFS-mounted ... ](unless you leave root unmapped over NFS, ... ]root-readable place and set the environment $XAUTHORITY variable ...
    (comp.security.ssh)
  • ssh is unable to get Xauthority from shared home dir
    ... in our environment we are opening CDE sessions on ... different solaris 8 systems for the same user. ... home directory is NFS mounted. ... Then we are opening ssh ...
    (SunManagers)
  • Re: mount remote drives via ssh?
    ... I have a script to mount the remote files - anyway to tell ssh what the ... "ssh will request a password if your home directory is 777 permissions" ... This is the exact thing I needed and I can modify my usual script to mount these directories as a user rather than root, which is a whole lot safer. ...
    (comp.os.linux.misc)
  • Re: Limitting SSH access
    ... Is it possible to limit the SSH access? ... I want t o restrict a user to his own home directory. ... Regarding ssh login, I usually use "rbash" from the ports, that restricts ...
    (freebsd-questions)
  • Re: Limitting SSH access
    ... Is it possible to limit the SSH access? ... I want t o restrict a user to his own home directory. ...
    (freebsd-questions)