RE: SFTP + Chroot
From: Timothy Carey (tcarey@bigfootinteractive.com)Date: 10/31/01
- Previous message: Michael H. Warfield: "Re: changing root account name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: RE: SFTP + Chroot Date: Wed, 31 Oct 2001 17:22:38 -0500 Message-ID: <1C1BC42B1A869348A06794D5CAED0BC307A4DB@exchange01.office.bigfootinteractive.com> From: "Timothy Carey" <tcarey@bigfootinteractive.com> To: <focus-linux@lists.securityfocus.com>
After doing a little more research, I answered my own question. For
those interested, here's how to do it:
1) Download and install ssh from ssh.com with the following option
./configure --enable-static
make ; make install.. blah blah
2)cd into the account you want to be chrooted and do the following:
> mkdir bin
> cd bin
> cp /usr/local/bin/ssh-dummy-shell.static .
> cp /usr/local/bin/sftp-server2.static .
> ln -s ssh-dummy-shell.static ssh-dummy-shell
> ln -s sftp-server2.static sftp-server
3) Configure sshd2_config by adding the following line:
ChRootUsers user1,user2
-or-
ChRootGroups group1,group2
4) Change the chrooted users shell to /bin/ssh-dummy-shell in
/etc/passwd (NO.. not /usr/local/bin/ssh-dummy-shell.. just use
/bin/ssh-dummy-shell)
Fire up sshd, and you should be all set..
-Tim
-----Original Message-----
From: Timothy Carey
Sent: Wednesday, October 31, 2001 03:39 PM
To: focus-linux@lists.securityfocus.com
Subject: SFTP + Chroot
Hi,
Is there a way to limit a users account to SFTP use without giving them
access to a login shell? Also, how would one keep a user chrooted in
their home directory once they access the machine via SFTP? Any thoughts
on this would be greatly appreciated. Thanks..
-Tim
tim@bigfootinteractive.com
UNIX Systems Administrator
www.bigfootinteractive.com
- Previous message: Michael H. Warfield: "Re: changing root account name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
