ssh jail
kalin m
kalin at el.net
Thu Oct 2 20:00:10 UTC 2008
thanks.. i'll look at the patches....
Matthew Seaman wrote:
> kalin m wrote:
>>
>> hi all...
>>
>> i have openssh 5. i want to jail the users to their home directories
>> so they can go down but not up.
>>
>> i didn't see a directive that does that in the man or in the
>> sshd_config.
>>
>> how do i do that?
>
> You need a specially patched version of OpenSSH. You can download
> the patches from here:
>
> http://chrootssh.sourceforge.net/download/
>
> and try patching the system sources. If you're not an experienced
> developer wise in the ways of patch(1) and diff(1) and make(1), this
> definitely isn't a good idea, especially for something as
> security-sensitive as OpenSSH.
>
> Realistically, just install the security/openssh-portable port and
> make sure to check the 'OPENSSH_CHROOT' box in the config dialog.
> Note: if you choose to select the 'OVERWRITE_BASE' option, be sure
> to disable building ssh in the base system by making the appropriate
> entries in /etc/src.conf (see src.conf(5)) or otherwise ensure that
> whatever system update mechanism you use won't accidentally blow away
> your specially patched ssh daemon.
>
> If you don't overwrite the base system, then double check that the
> init scripts are starting up the openssh-portable version. You'll
> need at least this in /etc/rc.conf:
>
> sshd_enable="NO"
> openssh_enable="YES"
>
> Cheers,
>
> Matthew
>
More information about the freebsd-questions
mailing list
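
The rc.conf double check described in the reply above (base sshd disabled, openssh-portable enabled), written out as an added example that is not part of the original thread. The function names `rc_effective`, `is_yes` and `which_sshd` are hypothetical and the sample rc.conf is constructed. Assumptions: only one file is read (a real system may also set these in /etc/rc.conf.local), and an unset variable is treated as disabled.

```shell
#!/bin/sh
# Report which sshd an rc.conf-style file would start at boot.

# rc_effective FILE VAR: print the value of the last assignment to VAR.
# rc.conf is sourced by sh, so a later assignment overrides an earlier one.
# Commented-out lines do not match because only leading whitespace is allowed.
rc_effective() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for the case-insensitive values rc scripts accept as "on".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# which_sshd FILE: print port, base, both or none.
#   port = only openssh-portable starts (the state the reply asks for)
#   both = both daemons are enabled and will compete for the same listen port
#   base = the unpatched base-system sshd starts, so no chroot support
which_sshd() {
    base=$(rc_effective "$1" sshd_enable)
    port=$(rc_effective "$1" openssh_enable)
    if is_yes "$base" && is_yes "$port"; then
        echo both
    elif is_yes "$port"; then
        echo port
    elif is_yes "$base"; then
        echo base
    else
        echo none
    fi
}

# Constructed sample: an old sshd_enable="YES" left in place further up the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname="example.invalid"
sshd_enable="YES"
#openssh_enable="NO"
sshd_enable="NO"
openssh_enable="YES"
EOF
echo "sample rc.conf starts: $(which_sshd "$sample")"
rm -f "$sample"
```

On the live host, pass /etc/rc.conf as the argument; any result other than `port` means the patched daemon is not the only one being started.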