On 4 May 2011 16:27, "krad" <kra...@gmail.com> wrote: > > On 4 May 2011 12:47, Balázs Mátéffy <repcs...@gmail.com> wrote: > > > On 4 May 2011 13:35, Matthew Seaman <m.sea...@infracaninophile.co.uk> > > wrote: > > > > > On 04/05/2011 10:08, Jack Raats wrote: > > > > I have a question concerning SSH op a FreeBSD 7.4-STABLE server. > > > > > > > > Is it possible to limit the SSH access? > > > > I want t o restrict a user to his own home directory. > > > > So that if he connects to the server with SSH he only can go to his own > > > home dir. > > > > Also the same for sftp... > > > > > > > > > > I believe you will need to install a version of OpenSSH from ports to > > > get that functionality. It's the CHROOT config option in > > > security/openssh-portable > > > > > > Cheers > > > > > > Matthew > > > > > > -- > > > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > > > Flat 3 > > > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > > > JID: matt...@infracaninophile.co.uk Kent, CT11 9PW > > > > > > > > Hello, > > > > It should work with the base openssh on 7.4. Check your version with sshd > > -v. > > Here, search for chroot(or use google :)): > > http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5 > > > > Regarding ssh login, I usually use "rbash" from the ports, that restricts > > the user from leaving his or her home directory! > > > > Regards, > > > > Balazs Mateffy. > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscr...@freebsd.org" > > > > if you want them to be able to get a shell ether then sftp prompt then you > will have to go for the rbash option. If you chroot the shell to their home > dir they wont have access to any system binaries so wont be able to 'ls' for > example. > > Having said that you could build a tree of all the binaries they need along > with all the dependent libraries. This would get a bit cumbersome and > wasteful of disk space for lots of users though. You might be better off > with jails. >
Or you could have a special /bin-restricted that you nullfs mount into ~userN/bin. Chris _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"