Hi,
I would like to know if there is a way to restrict user logins to their home
directories (or any other designated directory for that matter) using
sftp/ssh. I've got my ftp server configured so that normal ftp access is
restricted to their home directories, but since sftp uses (Open)SSH, it
On Monday 28 June 2004 12.17, Robert Cates wrote:
I would like to know if there is a way to restrict user logins to
their home directories (or any other designated directory for that
matter) using sftp/ssh. I've got my ftp server configured so that
rssh is what you are looking for. Be sure to
Hi!
1.) Set users shell to /bin/false and add it to /etc/shells.
This will prevent ssh access for users, but allows ftp etc.
But what you are asking for is that (I think)
2.) http://chrootssh.sourceforge.net/index.php
Chroot your ssh for non-admin users by
- patching ssh
- replacing Users
Hi all,
What SCSI controller is recommended nowadays for connecting an external
U160 SCSI storage system? NCR? Adaptec? Speed is good, STABILITY is most
important however - one will be for a postgres database the other for a
mail server.
Thanks for your help,
Andrew
--
To UNSUBSCRIBE, email
Hi,
It sounds to me like you are looking for a chroot jail for some users.
apt-get install jailer
( jailer - Builds and maintains chrooted environments )
You will need to run a special daemon (jk_socketd) to log users into the
jail, but that is about the hardest part. I'll post my startup
Yves Junqueira wrote:
On Fri, 25 Jun 2004 18:21:20 -0400, Kris Deugau [EMAIL PROTECTED]
wrote:
I've been lucky enough to only work with *nix mail servers except
for that one Novell system- and it had some advantages I've yet to
see in any *nix system. g
Interesting. Was that Novell
You can get an IBM server RAID card for about $200.
http://froogle.google.com/froogle?hl=enlr=ie=UTF-8tab=wfq=%22ibm+serveraid+4l%22scoring=p
I like the IBM server RAID card on our mailserver:
01:02.0 RAID bus controller: IBM Netfinity ServeRAID controller
Subsystem: IBM: Unknown device
Am 2004-06-28 16:12:19, schrieb Andrew Miehs:
Hi all,
What SCSI controller is recommended nowadays for connecting an external
U160 SCSI storage system? NCR? Adaptec? Speed is good, STABILITY is most
important however - one will be for a postgres database the other for a
mail server.
Adaptec is
John,
First off, I made a small mistake, the package I used was jailkit,
from either:
http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html
or
http://freshmeat.net/projects/jailkit/
It has tons of documentation to help you create a jailed environment,
including loading your jail
John,
Looks like there is a debian package created for jailkit now:
http://olivier.sessink.nl/jailkit/jailkit_0.9-1_i386.deb
md5 sums for these packages:
de67f1dbf6cec002290fe4faadf53821 jailkit_0.9-1_i386.deb
Mark
--- MB [EMAIL PROTECTED] wrote:
John,
First off, I made a small mistake,
Hi, and thanks for the quick replies!
Just to be a bit clearer in what I'm asking: I would like to be able to
allow my customers to access their accounts (update their web sites) with
sftp which as I understand it is an extension to (Open)SSH, and not FTP. I
know for example that the Windows
The cleanest way I have found was using rssh. All you do is change the
shell to /usr/bin/rssh. The only issue I have with it is that to jail them
to their home directory you need a separate chroot for each folder of the
following. I jailed the /home folder and thus only need one jail, if you
Hi,
I don't exactly like the idea of having to set up a mini-system in
everybody's home dir, so maybe the Jailkit will be the answer.(?) Somehow
I'm a little surprised that the OpenSSH project hasn't provided this feature
in SSH and sftp that I'm looking for. Maybe somebody knows the reason why?
I agree that a jail is the cleanest way. My setup is as follows:
chroot jail:
/home/jailedUsers
dirs and files within the jail:
./lib
./lib/libnsl.so.1
./lib/libnsl-2.3.2.so
./lib/libc.so.6
./lib/libc-2.3.2.so
./lib/ld-linux.so.2
./lib/ld-2.3.2.so
./lib/libnss_compat.so.2
Hello Gurus,
I have installed a debian woody with two interfaces
eth0 and eth1. I have configured the internet connection on eth0 which
has got a static ip on internet. And on eth1 I want to put an interface to do a
proxy nat gateway on my internal lan (I want to put a 192.168.0.1 on it).
I
Hi,
I noticed the following just now in my apache logs:
208.200.158.49 - - [28/Jun/2004:20:11:46 +0200] GET / HTTP/1.0 200 6137
- -
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] GET /index.php HTTP/1.0
404 269 - -
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] GET /main.php HTTP/1.0
404 268
Have you tried iptables instead? If your kernel supports iptables,
then:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE
iptables also does the firewalling in other
Hello Francisco,
Francisco Castillo wrote:
I have read doc to do it but when I apply this doc I have a "your
kernel seems to not support ipchains" message when I try to do
this.
For what reason do you want to use ipchains? If you just set up
debian successfully i think you have also an actual
Hi Mark,
I have tested your script but my woody gives me this response:
morpheo:~# cat compartir2
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j
How about using rbash? Only does the shell part, and it is not very hard
to break out of the jail, but then again, allowing shell when you think
users are going to purposely try to break it isn't a good idea...
On Mon, 28 Jun 2004 21:35:40 +0200
Christoph Löffler [EMAIL PROTECTED] wrote:
Hello Francisco:
The first thing you must do is to install a kernel with IPTABLES support, the
ipchains is not recommendable for kernels up to 2.4. The kernel packages of woody
distro have this support
Next you MUST
Enrique,
I'm a novice on Debian, I have decided recently to change from redhat or
mandrake (fatal experience in two years), so excuse my ignorance.
First I don't know how to do this step "The first thing you must do is to
install a kernel with IPTABLES support"
How can I do it? How can I test if it
Christoph,
You are right. Looks like he should also modprobe or insmod iptables
and many other modules. I insmod a whole list of routing modules:
ipt_REDIRECT
ipt_MASQUERADE
iptable_mangle
iptable_nat
ipt_REJECT
iptable_filter
Robert,
There has been extensive discussion on this topic on the ssh mailing lists.
Before going on the list I would highly recommend reading up as this is a
fairly common topic and the developers have basically said they won't
provide this functionality, it is something that belongs in the OS or
Hola Francisco
Francisco Castillo wrote:
Enrique,
I'm a novice on Debian, I have decided recently to change from redhat or
mandrake (fatal experience in two years), so excuse my ignorance.
First I don't know how to do this step "The first thing you must do is to
install a kernel with IPTABLES support"