[CentOS] RE: chroot over ssh

Aleksandar Milivojevic alex at milivojevic.org
Thu Nov 16 04:50:58 UTC 2006


Brian Marshall wrote:
> I have a file server that has ssh on a public IP. We've been using SCP/FTPS
> over ssh to get to the server, but since it's sshd the users can see the
> entire file system.
> 
> The problem is that the drive mount everyone needs to get to is outside of
> their home dir. Is there any way I can set up chroot through sshd?
> 
> Or is it just a silly pursuit and I should just set up a proper FTPS server?

It's doable; however, the actual implementation depends on how your users
are accessing the server.  Some of the possible options:

You could run chrooted sshd on a different port.

You could use forced command option if they can only authenticate via
RSA keys (which will throw them into jail and then execute either scp or
sftp).

You could change the login shell so that it throws them into jail, and
then executes the real shell.


Either of the above will work.
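
The forced command option described above, sketched as an added example that is not part of the original message: a wrapper that accepts only the sftp subsystem or a server-side scp call and hands it to a jail helper. The helper /usr/local/sbin/jail-exec is hypothetical, and the wrapper path, the sftp-server path and the assumption that sshd passes the subsystem's configured command in SSH_ORIGINAL_COMMAND are illustrative.

```sh
#!/bin/sh
# Added example: forced-command wrapper, installed per key in authorized_keys:
#   command="/usr/local/bin/jail-wrapper",no-pty,no-port-forwarding ssh-rsa AAAA...
# JAIL_EXEC is a HYPOTHETICAL privileged helper (assumption) that chroots into
# a fixed jail, drops back to the calling user and execs its arguments.
JAIL_EXEC=/usr/local/sbin/jail-exec
SFTP_SERVER=/usr/libexec/openssh/sftp-server   # assumed Subsystem path

# classify_command CMD: print "sftp", "scp" or "deny".
# Only the sftp subsystem or a server-side scp call
# (scp [-r] [-p] [-d] [-v] -t|-f PATH) is accepted.
classify_command() {
    [ "$1" = "$SFTP_SERVER" ] && { echo sftp; return; }
    set -f; set -- $1; set +f      # split on whitespace, no glob expansion
    [ "${1:-}" = scp ] || { echo deny; return; }
    shift
    mode=
    while [ $# -gt 1 ]; do         # every word before the last must be a flag
        case $1 in
            -t|-f) [ -z "$mode" ] || { echo deny; return; }; mode=$1 ;;
            -r|-p|-d|-v) ;;
            *) echo deny; return ;;
        esac
        shift
    done
    case ${1:-} in                 # final word: a path of safe characters only
        ''|-*|*[!A-Za-z0-9_./-]*) echo deny; return ;;
    esac
    if [ -n "$mode" ]; then echo scp; else echo deny; fi
}

main() {
    case $(classify_command "$SSH_ORIGINAL_COMMAND") in
        sftp) exec "$JAIL_EXEC" "$SFTP_SERVER" ;;
        scp)  set -f; set -- $SSH_ORIGINAL_COMMAND; shift
              exec "$JAIL_EXEC" /usr/bin/scp "$@" ;;
        *)    logger -p auth.warning -t jail-wrapper \
                  "denied for $(id -un): $SSH_ORIGINAL_COMMAND"
              echo "This account may only use scp or sftp." >&2
              exit 1 ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client sent a command; an
# interactive login has none, so nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then main; fi
```

Paths containing spaces are rejected by design, since the wrapper never passes the client's string through a shell.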
