HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   SSH Users CHROOT (http://www.howtoforge.com/forums/showthread.php?t=1739)

howser 19th December 2005 23:50

SSH Users CHROOT
 
Hi everyone,
Is there a way to CHROOT the users who come in via SSH so that they cannot see the files of other users? I'd like to grant them SSH access but I can't do that if they are able to see other users files and directories. Any help would be appreciated.

Take care,

Howser

falko 20th December 2005 00:52

You have to patch your SSH daemon; the "normal" OpenSSH daemon does not have the ability to chroot users.

Have a look at these pages:
http://chrootssh.sourceforge.net/index.php
http://www.brandonhutchinson.com/chroot_ssh.html
http://mail.incredimail.com/howto/openssh/

howser 20th December 2005 18:24

Thanks Falko -- I've looked through those examples, since I'm running Ubuntu I have to make sure that everything is cool and it's cool to do it over SSH. Anyone out there done this using Ubuntu or Debian?

Thanks!

Ovidiu 20th December 2005 18:48

if I remember correct when I once tried to use the bastille package one of the questions I was asked was if my users should see other users files and if answered with yes it might have the same effect desired here?

I am not 100% sure, its just a dim memory, maybe you give it a try..

howser 20th December 2005 21:51

Interesting, I installed it and checked the ISPConfig interface, no options to do that. It seems like this would be a good default configuration for a hosting app though right? Why would you ever want your users to see each other? Anyway, I'll keep digging. Feel free to chime in.

till 20th December 2005 23:41

Thats not the question of ISPConfig settings. The problem is that there is no Linux distribution that supports chrooted SSH out of the box.

howser 22nd December 2005 17:55

Agreed, I guess I should be clearer, it would be cool to add that to the ISPConfig/Perfect Setup that I've seen posted on the web. Seems like most people who use ISPConfig would want that functionality out of the box.

falko 22nd December 2005 18:24

I'll see what I can do... :)

danf.1979 24th December 2005 11:25

Any updates from you guys?
I'm going to try chrooting users, and I'll be posting my google findings in here

danf.1979 24th December 2005 11:46

Have you checked this link? http://www.chains.ch/


All times are GMT +2. The time now is 00:00.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.