kalin m wrote:
hi all...i have openssh 5. i want to jail the users to their home directories so they can go down but not up.i didn't see a directive that does that in the man or in the sshd_config. how do i do that?
You need a specially patched version of OpenSSH. You can download the patches from here: http://chrootssh.sourceforge.net/download/ and try patching the system sources. If you're not an experienced developer wise in the ways of patch(1) and diff(1) and make(1) this definitely isn't a good idea especially for something as security sensitive as OpenSSH. Realistically, just install the security/openssh-portable port and make sure to check the 'OPENSSH_CHROOT' box in the config dialog. Note: if you choose to select the 'OVERWRITE_BASE' option, be sure to disable building ssh in the base system by making the appropriate entries in /etc/src.conf (see src.conf(5)) or otherwise ensure that whatever system update mechanism you use won't accidentally blow away your specially patched ssh daemon. If you don't overwrite the base system, then double check that the init scripts are starting up the openssh-portable version. You'll need at least this in /etc/rc.conf: sshd_enable="NO" openssh_enable="YES" Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Description: OpenPGP digital signature