Thanks for the suggestion. I intend to study about this possible solution but 
to save time I'd
like to ask you some questions.

With this software, can I control which accounts "from the unix passwd file" 
will be able to log in?

If there is a symbolic link in the home directory(jail/chroot) that point to 
anywhere out of it,
will the users be able to use this symlink? Will they go out from their 
jail/chroot directory this
way?

Derek Ragona wrote:
> At 10:28 AM 4/10/2007, Thiago Esteves de Oliveira wrote:
>>Hello,
>>I want to use the chroot/jail mechanism in user's ssh and sftp
>>connections. I've read some
>>tutorials and possible solutions to jail/chroot the users into their own home 
>>directories. One
is
>>to install the openssh-portable(with chroot option turned on) from the ports 
>>collection. I've
installed the openssh-portable, but the jail/chroot mechanism didn't work. I 
think it requires
some configuration in its sshd_config file, but I'm not sure because I have 
found nothing about
jail/chroot in the openssh(sshd_config) man pages.
>
> I have implemented a similar setup using vsftpd from the ports.  It works 
> well for secure ftp
when used with the filezilla client.  You can limit the ftp command in the 
vsftpd configuration
file so users cannot get out of their home directories, which chroots them 
there.  You do need to
add one thing to the accounts, which is to change their home directory in 
/etc/passwd adding an
additional dot.  For instance if a users home directory is:
> /home/user
>
> You'd need to change it to:
> /home/./user
>
> vsftpd is well documented and relatively easy to get setup and running.
>
>          -Derek
>






_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to