Hi,

I never did what you mean but here is what I have in mind.

The problem with chroot with ssh (if it really can be run this way) seems to be that the users could not access /bin, /usr/bin, etc., so they cannot even list files using ls. Of course you can copy these directories to the chrooted directory. To access the home you could use a workaround, mounting the homes with nfs and using iptables to allow only localhost to use nfs at all.

I think the easiest way is to get another machine just for ssh, and mount the home using nfs as soon as the user logs in. You can also replace nfs with another network file system like samba.

You can also forget about chroot and deal with the filesystem permissions, putting 700 mode on the directories you don't want users to access. E.g. you can let users access /usr, but not /var. In this case care must be taken with directories like /etc.

Hope it helps

Regards
Jonathan
Howdoo all,
I've been looking at trying to secure SSH sessions so that specified users can only browse their home directories.
I've found a couple of bodges that can be made to do the trick, but none of them seem particularly ideal.
Has anyone got any suggestions on how I could secure SSH in this fashion? Whether using CHROOT or something else entirely, I don't mind.
Cheers.
----~~~~==oOo==~~~~---- Duncan Carter ----~~~~==oOo==~~~~----
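
The reply above suggests copying /bin and /usr/bin into the chrooted directory. As an added example (not part of either message), the script below takes a narrower route and copies only the named binaries plus the shared libraries `ldd` reports for them; the function names and jail layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: populate a minimal chroot tree with chosen binaries and the
# shared libraries they need, instead of copying all of /bin and /usr/bin.
# The function names and the jail layout are assumptions for illustration.

# copy_into_jail FILE JAIL: copy FILE to the same absolute path under JAIL.
copy_into_jail() {
    src=$1; jail=$2
    dest="$jail$src"
    mkdir -p "$(dirname "$dest")" || return 1
    # -L follows symlinks so the jail holds a real file, not a dangling link
    cp -L "$src" "$dest"
}

# list_libs BINARY: print absolute paths of the shared objects ldd reports.
list_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }   # libfoo.so => /lib/libfoo.so (0x...)
        $1 ~ /^\// { print $1 }                 # /lib64/ld-linux-x86-64.so.2 (0x...)
    '
}

# build_jail JAIL BINARY...: copy each binary plus its libraries into JAIL.
build_jail() {
    jail=$1; shift
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "skip: $bin not executable" >&2; return 1; }
        copy_into_jail "$bin" "$jail" || return 1
        for lib in $(list_libs "$bin"); do
            [ -e "$jail$lib" ] || copy_into_jail "$lib" "$jail" || return 1
        done
    done
    # The confined user must not be able to write to the jail root.
    # Only the group/other write bits are dropped here (chown needs root).
    chmod go-w "$jail"
}
```

Running `build_jail /path/to/jail /bin/ls` as an unprivileged user is enough to inspect what ends up in the tree; ownership of the jail root still has to be set by root before it is used to confine anyone.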