Re: Restrict SSH users to home directory
From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 12/27/02
- Next message: Nico Kadel-Garcia: "Re: Newbie to secure shell"
- Previous message: mw: "Re: Can't Login? pam?"
- In reply to: Kyler Laird: "Re: Restrict SSH users to home directory"
- Next in thread: Kyler Laird: "Re: Restrict SSH users to home directory"
- Reply: Kyler Laird: "Re: Restrict SSH users to home directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net> Date: Fri, 27 Dec 2002 06:44:39 GMT
"Kyler Laird" <Kyler@news.Lairds.org> wrote in message
news:uf9ed-t07.ln1@news.lairds.org...
> >>I am looking into making a cage for each user. There will only be about
5
> >>users (customers exchanging files via WinSCP) right now and then we'll
> >>slowly add others. I'll have to write a script to automate the
> >>cage-creation process otherwise it'll be nothing but headaches.
>
> If they're only running WinSCP, it'd probably be easy to
> write a different "shell" that is always run on login. I
> have done this with users who I only want to be able to
> rsync in some directory. I check the rsync args and if
> everything looks o.k. it runs. If not, it fails.
Unfortunately, some such "shells" are actually shell scripts, and they are
historically quite easy to break out of.
ssh.com used this trick for their so-called chroot cage in ssh-3.x, and I'd
still like to slap the manager in the head who thought it was a good idea.
- Next message: Nico Kadel-Garcia: "Re: Newbie to secure shell"
- Previous message: mw: "Re: Can't Login? pam?"
- In reply to: Kyler Laird: "Re: Restrict SSH users to home directory"
- Next in thread: Kyler Laird: "Re: Restrict SSH users to home directory"
- Reply: Kyler Laird: "Re: Restrict SSH users to home directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
