Howdoo all,

I've been looking at trying to secure SSH sessions so that specified users can only browse their home directories. I've found a couple of bodges that can be made to do the trick, but none of them seem particularly ideal.

Has anyone got any suggestions on how I could secure SSH in this fashion? Whether using CHROOT or something else entirely, I don't mind.

Cheers.

----~~~~==oOo==~~~~----
Duncan Carter
----~~~~==oOo==~~~~----

hi,

here is another way to implement a chrooted ssh account:

1. use an owner specific login script, e.g. /bin/chroot-login-<user_id>:

----------------------%<----------------------------
#!/bin/bash
# Login shell wrapper: re-enter the chroot as the user via sudo.
if [ "$1" = "-c" ]; then
    # sshd runs "<shell> -c <command>" for remote commands; drop the
    # leading -c and pass the rest on to su inside the chroot.
    i=0
    PARAMS=""
    for param in "$@"; do
        if [ $i -gt 0 ]; then
            PARAMS="$PARAMS $param"
        fi
        let i++
    done
    sudo /usr/bin/chroot /path/to/chroot/to /bin/su - username -c "$PARAMS"
else
    # Interactive login: start the user's login shell inside the chroot.
    sudo /usr/bin/chroot /path/to/chroot/to /bin/su - username
fi
----------------------->%----------------------------

enter the filename into your passwd file for user <username>

2. create entry in /etc/sudoers: (w/o newline ;-)

username ALL = NOPASSWD: /usr/bin/chroot /path/to/chroot/to /bin/su - username*

3. create dir '/path/to/chroot/to'

4. create dirs in '/path/to/chroot/to': etc, dev, bin, lib ....

5. create /path/to/chroot/to/etc/passwd with uid, homedir etc. for username, ditto for the file etc/group. copy all required files to /path/to/chroot/to/...., e.g. bash and all needed libs etc.

for testing, try as root:

/usr/bin/chroot /path/to/chroot/to /bin/su - username

if you need more detailed info, reply.

regards,
jochen
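
Step 5 of the reply above (copying bash and all needed libs into the chroot), as an added example that is not part of either poster's message: it parses `ldd` output to find each binary's shared libraries and copies them to the same absolute paths under the chroot. The function names and script layout are assumptions; `/path/to/chroot/to` is the placeholder from the post.

```bash
#!/bin/bash
# Added example (hypothetical helper names): populate a chroot with binaries
# and the shared libraries they need. Run ldd only on trusted system
# binaries, since ldd may execute the file it inspects.

# Read `ldd` output on stdin, print the absolute path of each library.
# Matches "libc.so.6 => /lib/libc.so.6 (0x...)" and the bare loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; skips linux-vdso and "not found".
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# Read `ldd` output on stdin, print libraries the loader could not resolve.
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# copy_into_chroot ROOT FILE: copy FILE to ROOT/FILE, following symlinks
# and keeping mode and ownership.
copy_into_chroot() {
    mkdir -p "$1$(dirname "$2")" && cp -pL "$2" "$1$2"
}

# install_binary ROOT BIN: copy BIN and every library ldd reports for it.
install_binary() {
    copy_into_chroot "$1" "$2" || return 1
    deps=$(ldd "$2" 2>/dev/null) || deps=""   # static binary: nothing to add
    missing=$(printf '%s\n' "$deps" | ldd_missing)
    if [ -n "$missing" ]; then
        echo "unresolved libraries for $2: $missing" >&2
        return 1
    fi
    printf '%s\n' "$deps" | ldd_paths | while read -r lib; do
        copy_into_chroot "$1" "$lib" || exit 1
    done
}

# Usage: ./populate-chroot.sh /path/to/chroot/to /bin/bash /bin/su
if [ "$#" -ge 2 ]; then
    root=$1; shift
    for bin in "$@"; do
        install_binary "$root" "$bin" || exit 1
    done
fi
```
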