stephane parenton wrote:
Hi everyone,
I'm looking for a solution to restrict a user ssh'ing into a box from going everywhere. A doc about ssh pointed me to ssh-chrootmgr, which seems to do what I want... But I have to re-compile ssh statically, it seems.
Has anybody ever done this? If yes, what are the traps I may encounter? Can I simply take the sources and configure/make/make install it without any problem while already having an ssh installed? (Should I remove it or can I just overwrite it?)
Hi Stephane,

if you look into the contrib directory of the OpenSSH source tree, you'll find a small patch called "chroot.diff". This adds chroot functionality to the ssh server using '/./' tokens in /etc/passwd. Unfortunately, the patch isn't quite up to date and doesn't apply cleanly to recent OpenSSH versions, so you would have to apply it manually. Or drop me a note and I'll send you a patch that works.

You would have to recompile OpenSSH, but it does not have to be linked statically to use the chroot functionality.

Mike
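An added example, not part of the posts above and not code from chroot.diff: a small audit that lists which /etc/passwd entries carry a '/./' token and how the home field splits. It assumes the text before the first '/./' is the chroot root and the rest is the home directory inside it; the function names and the sample entries are constructed for illustration.

```python
CHROOT_TOKEN = "/./"

# Constructed sample in /etc/passwd format (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/jail/./home/alice:/bin/sh
bob:x:1002:1002::/./home/bob:/bin/sh
carol:x:1003:1003::/home/carol:/bin/sh
dave:x:1004:1004::/srv/jail/../etc/./home/dave:/bin/sh
"""

def split_chroot_home(pw_dir):
    """Split a home field at the first '/./' (assumed convention).

    Returns (chroot_root, home_inside_jail), or None when no token is present.
    """
    idx = pw_dir.find(CHROOT_TOKEN)
    if idx < 0:
        return None
    root = pw_dir[:idx] or "/"  # token at position 0 means the root is "/"
    home = "/" + pw_dir[idx + len(CHROOT_TOKEN):].lstrip("/")
    return root, home

def audit_passwd(text):
    """Return one record per account whose home field requests a chroot."""
    results = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:  # skip blank, comment or malformed lines
            continue
        parts = split_chroot_home(fields[5])
        if parts is None:
            continue
        root, home = parts
        problems = []
        if root == "/":
            problems.append("chroot root is /, so the user is not confined")
        if not root.startswith("/"):
            problems.append("chroot root is not an absolute path")
        if ".." in root.split("/") or ".." in home.split("/"):
            problems.append("'..' component in path")
        results.append({"user": fields[0], "root": root,
                        "home": home, "problems": problems})
    return results

if __name__ == "__main__":
    for entry in audit_passwd(SAMPLE_PASSWD):
        print(entry)
```
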