Re: Need advice on setting of an SSH server for untrusted users
From: chabral (chabral_at_hotmail.com)
Date: Wed, 21 Sep 2005 20:32:39 -0300
"General Schvantzkoph" <firstname.lastname@example.org> escribió en el mensaje
> I've just set up an ssh server so that my customers can download code
> releases from me. I've set up ssh so that it requires rsa authentication.
> I've created a separate account and group for each customer and placed
> their public keys in their local ~/.ssh/authorized_keys file. The server
> machine is dedicated to this purpose, there is no sensitive data on the
> system. The system is running FC3 with all of the current patches.
> My question is there a way that I can restrict these users to scping files
> to and from their own directory? I don't want a user who has sshed into
> their account to be able to see any other directory or to access any other
> system on my network. Ideally I'd like to limit what they can to scp to
> and from their own directory and nothing else. I've seen mention of chroot
> jails on this group but I'm confused as to what they do exactly and how to
> set one up (assuming that's even the solution to this problem).
I've been using rssh for this purpose without problems since more than a
Check this out: