On Thu, Mar 01, 2007 at 04:28:15PM +0200, Ehud Karni wrote: >On Tue, 27 Feb 2007 19:37:25, Francis wrote: >>I am running a OpenSSH server for some friends on my machine, and I was >>hoping to disable access to /cygdrive (local drives.) Is there a way to >>prevent them from modifying any files also? this is intended just as a >>SSH tunneling method to get us around some Websense. > >I have restricted ssh users to a some directory with some commands only >on GNU/Linux by using `chroot' and restricted shell (bash). This won't >work on Cygwin, because there is no `chroot' jail (not supported by the >underlying OS). > >You have 2 options: >1. Use the /etc/passwd to specify your own shell which will check the > input and execute only the allowed commands (by being filter to a > shell or by calling `system'). > >2. Use cgf advice and restrict the ssh user to one command only (by the > authorized_keys file which will be a filter (same as in 1). This has > some drawbacks on Cygwin (unlike UNIX), but for your purpose it is > not significant.
Cygwin emulates chroot so, depending on your needs, it may be adequate although since, as noted, it isn't handled at the OS level, it is not foolproof. I still think that the best solution is to only allow tunneling and disallow other commands. Looking at the documentation for sshd_config, another option is to use "ForceCommand" option in sshd_config, possibly in conjunction with the "Match" keyword. "man sshd_config" would probably be useful reading. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/