[Cialug] Chroot ssh

[Jeff Davis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just did something similar very recently.

I needed to jail users who should only be attempting to sftp files.
There was an extra hoop for me, which was that the destination for
these users files was actually a samba mount. (permissions issues)

I tried several things, and ended up going with rssh.
I set it up, wrote some wrapper scripts to make it easier for the
windows admins to add new users, and then another script to check
an see if the necessary libraries have been changed, to determine
if I need to make any changes to the libraries in the jail (this
only needs run after patching.)

- -Jeff


Matthew Nuzum wrote:
> I've got a web hosting account that provides SSH access. They somehow
> chroot you in so that you can edit your site, run things like python,
> bash, etc, but can't see the server configuration or other users' or
> sites' stuff.
> 
> I've googled and found a howto at howtoforge, but step 2 contains this
> phrase which scares me a little:
> 
>> We download the patched OpenSSH sources...
> 
> I've wanted to do this for a while... anyone done this or something like it?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFG6A3YUVPJ6ufy+vIRAn40AKCCIPwoeBUH3/DmTsbjoZsb3DedkACghYZf
qHcC71LScNcRocNIwcwVbMY=
=cGH5
-----END PGP SIGNATURE-----