
List:       focus-sun
Subject:    Re: ssh2
From:       David LaPorte <dlaporte () CCS ! NEU ! EDU>
Date:       2000-07-13 18:48:17

From the ssh 2.2.0 README:


Q: How do I set up chrooted accounts (with restricted shell access, and
   only file transfer access) with sshd2?

A: First, you should make sure that the static binaries of
   ssh-dummy-shell and sftp-server2 got compiled with the rest. The
   binaries are named (creatively) ssh-dummy-shell.static and
   sftp-server2.static.

   Then, run
     % ssh-chrootmgr <username> ...

   This copies the binaries to the user's bin-directory ($HOME/bin)
   (and creates the bin directory, if necessary).

   The next step is to add the user to the server's configuration file
   (/etc/ssh2/sshd2_config, usually). Use ChRootUsers or ChRootGroups
   variable. If you use ChRootGroups, remember that all users whose
   _primary_ group is the one listed in the configuration variable will
   be chrooted. But, even if the user belongs to a group that is listed
   in ChRootGroups, but it isn't her primary group, the user won't be
   chrooted. *whew*

   After this you should change the user's login shell in /etc/passwd,
   with vipw, for example (or whatever you use to manage the
   accounts). The new shell should be /bin/ssh-dummy-shell (which, from
   the chrooted user's perspective, will be the one in $HOME/bin).

   After this, restart the daemon, or kill -HUP it.

   Note: make sure that there is a line

      subsystem-sftp      sftp-server

   in sshd2_config. Otherwise the user won't be able to do anything.

   NOTE: This doesn't work with Solaris. Solaris doesn't support this
   kind of static linking. You have to use the normal binaries and copy
   the needed libraries to the user's environment too. Unfortunately we
   don't have a tool for that (yet).

I hope this helps...

Dave LaPorte

-----Original Message-----
From: Focus on Sun Mailing List [mailto:FOCUS-SUN@SECURITYFOCUS.COM]On
Behalf Of Phu, Donald
Sent: Thursday, July 13, 2000 9:13 AM
To: FOCUS-SUN@SECURITYFOCUS.COM
Subject: ssh2


Hi,
	I just installed ssh2 on a Linux box (rhat 6.2) and would like to
know if it is possible to do chroot using ssh2.

Thanks for any help :-)
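
A check for the README procedure quoted above, as an added example that is not part of the original messages or of the ssh2 distribution: it reports whether an account would actually be chrooted, including the primary-group caveat, and whether the dummy shell and the sftp subsystem line are in place. The function names, the finding strings, the sample accounts and the comma-separated syntax for ChRootUsers/ChRootGroups values are assumptions.

```shell
#!/bin/sh
# Added example, not from the README: audit one account against the steps above.
# Assumption: ChRootUsers/ChRootGroups values are comma-separated lists.

cfg_value() {  # cfg_value KEYWORD FILE -> value of the first matching line
    awk -v k="$1" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

in_list() {    # in_list NAME "a,b,c" -> true if NAME is a non-empty item of the list
    [ -n "$1" ] && printf '%s\n' "$2" | tr ',' '\n' | tr -d ' \t' | grep -Fqx -- "$1"
}

# audit_chroot USER PASSWD_FILE GROUP_FILE SSHD2_CONFIG
# Prints one finding per line, or "ok"; exit status is 0 only for "ok".
audit_chroot() {
    entry=$(grep -- "^$1:" "$2") || { echo "no-such-user"; return 2; }
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    primary=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$3")
    listed=$(cfg_value ChRootGroups "$4"); findings=""
    if ! in_list "$1" "$(cfg_value ChRootUsers "$4")" && ! in_list "$primary" "$listed"; then
        findings="not-chrooted"
        # README caveat: a listed group that is not the primary group does not count.
        for g in $(awk -F: -v u="$1" '(","$4",") ~ (","u",") { print $1 }' "$3"); do
            if in_list "$g" "$listed"; then findings="not-chrooted:$g-not-primary"; fi
        done
    fi
    [ "$shell" = /bin/ssh-dummy-shell ] || findings="$findings shell-is-$shell"
    [ -n "$(cfg_value subsystem-sftp "$4")" ] || findings="$findings no-subsystem-sftp"
    [ -z "$findings" ] && { echo ok; return 0; }
    printf '%s\n' $findings; return 1
}

# Constructed sample data: alice has sftponly as her primary group, bob only as a
# supplementary group, so "ChRootGroups sftponly" chroots alice but not bob.
make_sample() {
    printf '%s\n' 'alice:x:1001:500::/home/alice:/bin/ssh-dummy-shell' \
                  'bob:x:1002:100::/home/bob:/bin/ssh-dummy-shell' > "$1/passwd"
    printf '%s\n' 'users:x:100:' 'sftponly:x:500:bob' > "$1/group"
    printf '%s\n' 'ChRootGroups sftponly' 'subsystem-sftp sftp-server' > "$1/sshd2_config"
}

d=$(mktemp -d) && make_sample "$d"
for u in alice bob; do echo "$u: $(audit_chroot "$u" "$d/passwd" "$d/group" "$d/sshd2_config" | tr '\n' ' ')"; done
rm -rf "$d"
```

On a real host the arguments would be /etc/passwd, /etc/group and /etc/ssh2/sshd2_config.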