#1  
Old 19th December 2005, 22:50
howser howser is offline
Junior Member
 
Join Date: Dec 2005
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default SSH Users CHROOT

Hi everyone,
Is there a way to CHROOT the users who come in via SSH so that they cannot see the files of other users? I'd like to grant them SSH access but I can't do that if they are able to see other users files and directories. Any help would be appreciated.

Take care,

Howser
Reply With Quote
Sponsored Links
  #2  
Old 19th December 2005, 23:52
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

You have to patch your SSH daemon; the "normal" OpenSSH daemon does not have the ability to chroot users.

Have a look at these pages:
http://chrootssh.sourceforge.net/index.php
http://www.brandonhutchinson.com/chroot_ssh.html
http://mail.incredimail.com/howto/openssh/
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 20th December 2005, 17:24
howser howser is offline
Junior Member
 
Join Date: Dec 2005
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Falko -- I've looked through those examples, since I'm running Ubuntu I have to make sure that everything is cool and it's cool to do it over SSH. Anyone out there done this using Ubuntu or Debian?

Thanks!
Reply With Quote
  #4  
Old 20th December 2005, 17:48
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,259
Thanks: 76
Thanked 23 Times in 19 Posts
Default

if I remember correct when I once tried to use the bastille package one of the questions I was asked was if my users should see other users files and if answered with yes it might have the same effect desired here?

I am not 100% sure, its just a dim memory, maybe you give it a try..
Reply With Quote
  #5  
Old 20th December 2005, 20:51
howser howser is offline
Junior Member
 
Join Date: Dec 2005
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Interesting, I installed it and checked the ISPConfig interface, no options to do that. It seems like this would be a good default configuration for a hosting app though right? Why would you ever want your users to see each other? Anyway, I'll keep digging. Feel free to chime in.
Reply With Quote
  #6  
Old 20th December 2005, 22:41
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,488
Thanks: 813
Thanked 5,259 Times in 4,123 Posts
Default

Thats not the question of ISPConfig settings. The problem is that there is no Linux distribution that supports chrooted SSH out of the box.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 22nd December 2005, 16:55
howser howser is offline
Junior Member
 
Join Date: Dec 2005
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Agreed, I guess I should be clearer, it would be cool to add that to the ISPConfig/Perfect Setup that I've seen posted on the web. Seems like most people who use ISPConfig would want that functionality out of the box.
Reply With Quote
  #8  
Old 22nd December 2005, 17:24
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

I'll see what I can do...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 24th December 2005, 10:25
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
Default

Any updates from you guys?
I'm going to try chrooting users, and I'll be posting my google findings in here

Last edited by danf.1979; 24th December 2005 at 10:46.
Reply With Quote
  #10  
Old 24th December 2005, 10:46
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
 
Default

Have you checked this link? http://www.chains.ch/
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bind chroot configuration Toffee Installation/Configuration 6 13th March 2009 15:51
users dir Alias Conflicts TheDanMan General 4 12th December 2007 10:21
Website users? ctroyp General 25 6th January 2006 18:02
Real System users exy123 General 2 12th December 2005 10:01
Chroot FTP users olli Server Operation 3 25th April 2005 11:35


All times are GMT +2. The time now is 23:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.