Re: restricting sftp/ssh login access

2004-06-30 Thread George Georgalis
On Mon, Jun 28, 2004 at 08:21:31PM +0200, Robert Cates wrote: Hi, I don't exactly like the idea of having to setup a mini-system in everybodies home dir, so maybe the Jailkit will be the answer.(?) Somehow I'm a little surprised that the OpenSSH project hasn't provided this feature in SSH and

Re: restricting sftp/ssh login access

2004-06-29 Thread George Georgalis
On Mon, Jun 28, 2004 at 08:21:31PM +0200, Robert Cates wrote: Hi, I don't exactly like the idea of having to setup a mini-system in everybodies home dir, so maybe the Jailkit will be the answer.(?) Somehow I'm a little surprised that the OpenSSH project hasn't provided this feature in SSH and

Re: restricting sftp/ssh login access

2004-06-28 Thread Adrian 'Dagurashibanipal' von Bidder
On Monday 28 June 2004 12.17, Robert Cates wrote: I would like to know if there is a way to restrict user logins to their home directories (or any other designated directory for that matter) using sftp/ssh. I've got my ftp server configured so that rssh is what you are looking for. Be sure to

Re: restricting sftp/ssh login access

2004-06-28 Thread Andreas John
Hi! 1.) Set users shell to /bin/false and add it to /etc/shells. This will prevent ssh access for users, but allows ftp etc. But what you are asking for is that (I think) 2.) http://chrootssh.sourceforge.net/index.php Chroot your ssh for non-admin users by - patching ssh - replacing Users

Re: restricting sftp/ssh login access

2004-06-28 Thread MB
Hi, It sounds to me like you are looking for a chroot jail for some users. apt-get install jailer ( jailer - Builds and maintains chrooted environments ) You will need to run a special daemon (jk_socketd) to log users into the jail, but that is about the hardest part. I'll post my startup

Re: restricting sftp/ssh login access

2004-06-28 Thread MB
John, First off, I make a small mistake, the package I used was jailkit, from either: http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html or http://freshmeat.net/projects/jailkit/ It has tons of documentation to help you create a jailed environment, including loading your jail

Re: restricting sftp/ssh login access

2004-06-28 Thread MB
John, Looks like there is a debian package created for jailkit now: http://olivier.sessink.nl/jailkit/jailkit_0.9-1_i386.deb md5 sums for these packages: de67f1dbf6cec002290fe4faadf53821 jailkit_0.9-1_i386.deb Mark --- MB [EMAIL PROTECTED] wrote: John, First off, I make a small mistake,

Re: restricting sftp/ssh login access

2004-06-28 Thread Robert Cates
/chrootedsftp.html but I'm open to other maybe better ways. Thanks again, Robert - Original Message - From: MB [EMAIL PROTECTED] To: Andreas John [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, June 28, 2004 6:47 PM Subject: Re: restricting sftp/ssh login access John, First off, I

RE: restricting sftp/ssh login access

2004-06-28 Thread Ehren Wilson
sftp/ssh login access Hi, and thanks for the quick replies! Just to be a bit clearer in what I'm asking: I would like to be able to allow my customers to access their accounts (update their web sites) with sftp which as I understand it is an extention to (Open)SSH, and not FTP. I know

Re: restricting sftp/ssh login access

2004-06-28 Thread Robert Cates
? I think my next e-mail will be to the OpenSSH project ;-) Thanks, Robert - Original Message - From: Andreas John [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Robert Cates [EMAIL PROTECTED] Sent: Monday, June 28, 2004 2:28 PM Subject: Re: restricting sftp/ssh login access Hi! 1.) Set

RE: restricting sftp/ssh login access

2004-06-28 Thread MB
] Subject: Re: restricting sftp/ssh login access Hi, and thanks for the quick replies! Just to be a bit clearer in what I'm asking: I would like to be able to allow my customers to access their accounts (update their web sites) with sftp which as I understand it is an extention to (Open)SSH

Re: restricting sftp/ssh login access

2004-06-28 Thread Jason Lim
how about using rbash? Only does the shell part, and it is not very hard to break out of the jail, but then again, allowing shell when you think users are going to purposely try to break it isn't a good idea... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe.

RE: restricting sftp/ssh login access

2004-06-28 Thread Ehren Wilson
but most of them wouldn't be using sftp anyways. Cheers, Ehren Wilson -Original Message- From: Robert Cates [mailto:[EMAIL PROTECTED] Sent: Monday, June 28, 2004 12:22 PM To: [EMAIL PROTECTED] Cc: Andreas John Subject: Re: restricting sftp/ssh login access Hi, I don't exactly like

Re: restricting sftp/ssh login access

2004-06-28 Thread Adrian 'Dagurashibanipal' von Bidder
On Monday 28 June 2004 12.17, Robert Cates wrote: I would like to know if there is a way to restrict user logins to their home directories (or any other designated directory for that matter) using sftp/ssh. I've got my ftp server configured so that rssh is what you are looking for. Be sure to

Re: restricting sftp/ssh login access

2004-06-28 Thread Andreas John
Hi! 1.) Set users shell to /bin/false and add it to /etc/shells. This will prevent ssh access for users, but allows ftp etc. But what you are asking for is that (I think) 2.) http://chrootssh.sourceforge.net/index.php Chroot your ssh for non-admin users by - patching ssh - replacing Users

Re: restricting sftp/ssh login access

2004-06-28 Thread MB
John, First off, I make a small mistake, the package I used was jailkit, from either: http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html or http://freshmeat.net/projects/jailkit/ It has tons of documentation to help you create a jailed environment, including loading your jail

Re: restricting sftp/ssh login access

2004-06-28 Thread MB
John, Looks like there is a debian package created for jailkit now: http://olivier.sessink.nl/jailkit/jailkit_0.9-1_i386.deb md5 sums for these packages: de67f1dbf6cec002290fe4faadf53821 jailkit_0.9-1_i386.deb Mark --- MB [EMAIL PROTECTED] wrote: John, First off, I make a small mistake,

Re: restricting sftp/ssh login access

2004-06-28 Thread Robert Cates
/chrootedsftp.html but I'm open to other maybe better ways. Thanks again, Robert - Original Message - From: MB [EMAIL PROTECTED] To: Andreas John [EMAIL PROTECTED] Cc: debian-isp@lists.debian.org Sent: Monday, June 28, 2004 6:47 PM Subject: Re: restricting sftp/ssh login access John, First

RE: restricting sftp/ssh login access

2004-06-28 Thread Ehren Wilson
Subject: Re: restricting sftp/ssh login access John, First off, I make a small mistake, the package I used was jailkit, from either: http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html or http://freshmeat.net/projects/jailkit/ It has tons of documentation to help you

Re: restricting sftp/ssh login access

2004-06-28 Thread Robert Cates
? I think my next e-mail will be to the OpenSSH project ;-) Thanks, Robert - Original Message - From: Andreas John [EMAIL PROTECTED] To: debian-isp@lists.debian.org Cc: Robert Cates [EMAIL PROTECTED] Sent: Monday, June 28, 2004 2:28 PM Subject: Re: restricting sftp/ssh login access Hi

RE: restricting sftp/ssh login access

2004-06-28 Thread MB
PROTECTED] Subject: Re: restricting sftp/ssh login access Hi, and thanks for the quick replies! Just to be a bit clearer in what I'm asking: I would like to be able to allow my customers to access their accounts (update their web sites) with sftp which as I understand it is an extention

Re: restricting sftp/ssh login access

2004-06-28 Thread Jason Lim
how about using rbash? Only does the shell part, and it is not very hard to break out of the jail, but then again, allowing shell when you think users are going to purposely try to break it isn't a good idea...

RE: restricting sftp/ssh login access

2004-06-28 Thread Ehren Wilson
but most of them wouldn't be using sftp anyways. Cheers, Ehren Wilson -Original Message- From: Robert Cates [mailto:[EMAIL PROTECTED] Sent: Monday, June 28, 2004 12:22 PM To: debian-isp@lists.debian.org Cc: Andreas John Subject: Re: restricting sftp/ssh login access Hi, I don't