Need advice on setting of an SSH server for untrusted users
From: General Schvantzkoph (schvantzkoph_at_yahoo.com)
Date: Thu, 15 Sep 2005 16:34:41 -0400
I've just set up an ssh server so that my customers can download code
releases from me. I've set up ssh so that it requires rsa authentication.
I've created a separate account and group for each customer and placed
their public keys in their local ~/.ssh/authorized_keys file. The server
machine is dedicated to this purpose, there is no sensitive data on the
system. The system is running FC3 with all of the current patches.
My question is there a way that I can restrict these users to scping files
to and from their own directory? I don't want a user who has sshed into
their account to be able to see any other directory or to access any other
system on my network. Ideally I'd like to limit what they can to scp to
and from their own directory and nothing else. I've seen mention of chroot
jails on this group but I'm confused as to what they do exactly and how to
set one up (assuming that's even the solution to this problem).