Re: ssh login user should only see his home

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 06/27/03


Date: 27 Jun 2003 19:11:40 GMT

jr2@dataconnection.com (John) writes:

]Nico Kadel-Garcia <nkadel@verizon.net> wrote in message news:<3EF90404.2090509@verizon.net>...
]> Frank Wurdinger wrote:
]>
]> > hello
]> >
]> > I need help.
]> > The users who log in to my machine should only see their home dirs and
]> > they should not change to the dirs above.
]> >
]> > thanks for help
]> >
]>
]> You need a chroot cage. Hit sourceforge.net for an explanation of the
]> needed patches and tools.

]I have set up such a cage on Solaris, however I would like to be able
]to ssh OUT of the box as well.

]As I am in the chroot cage there is no way for ssh to authenticate me
]as a user and therefore I get the classic "You don't exist, go away!"
]message.

]Does anyone have Solaris specific knowledge of which files I need to
]duplicate for such a user?

This just sounds silly to me. Why in the world would you want to
duplicate the whole system for each user, as you are discovering you
have to do? If you have data that is really that sensitive, buy a new
computer. A chroot jail just is not strong enough to keep out a
determined adversary and is too much of a pain to set up and use.
You would have to copy over /etc/passwd at least, plus probably the
whole /etc/pam.d and libpam etc stuff.
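
An added example, not part of the original post: the "You don't exist, go away!" message appears when the ssh client cannot find a password-database entry for the UID it runs as, which is what happens when the jail has no matching /etc/passwd line. The sketch below audits a jail directory for that entry and for any other paths the caller lists; the function names `jail_has_uid` and `jail_audit` are hypothetical, and which extra paths to check (for instance /etc/pam.d, as mentioned in the post) is left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread): check a chroot jail for the account
# data an ssh client needs before it will run for a given UID.

# jail_has_uid JAIL UID
# Returns 0 if JAIL/etc/passwd contains an entry whose third field (the
# numeric UID) equals UID, 1 otherwise or if the file is unreadable.
jail_has_uid() {
    jail=$1; uid=$2
    [ -r "$jail/etc/passwd" ] || return 1
    awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' \
        "$jail/etc/passwd"
}

# jail_audit JAIL UID [PATH...]
# Prints one "MISSING ..." line per problem and returns 1 if any were found.
# Each PATH is an absolute path as seen from inside the jail; the list is
# supplied by the caller, not derived from the system.
jail_audit() {
    jail=$1; uid=$2; shift 2
    rc=0
    if ! jail_has_uid "$jail" "$uid"; then
        echo "MISSING passwd entry for uid $uid"
        rc=1
    fi
    for p in "$@"; do
        if [ ! -e "$jail$p" ]; then
            echo "MISSING $p"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: ./jail_audit.sh /path/to/jail 1001 /etc/pam.d
if [ "$#" -ge 2 ]; then
    jail_audit "$@"
fi
```
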


