thanks..  i'll look at the patches....


Matthew Seaman wrote:
kalin m wrote:

hi all...

i have openssh 5. i want to jail the users to their home directories so they can go down but not up.

i didn't see a directive that does that in the man or in the sshd_config.

how do i do that?

You need a specially patched version of OpenSSH.  You can download
the patches from here:

   http://chrootssh.sourceforge.net/download/

and try patching the system sources.  If you're not an experienced
developer wise in the ways of patch(1) and diff(1) and make(1) this
definitely isn't a good idea especially for something as security
sensitive as OpenSSH.

Realistically, just install the security/openssh-portable port and
make sure to check the 'OPENSSH_CHROOT' box in the config dialog.
Note: if you choose to select the 'OVERWRITE_BASE' option, be sure
to disable building ssh in the base system by making the appropriate
entries in /etc/src.conf (see src.conf(5)) or otherwise ensure that
whatever system update mechanism you use won't accidentally blow away
your specially patched ssh daemon.

If you don't overwrite the base system, then double check that the
init scripts are starting up the openssh-portable version.  You'll
need at least this in /etc/rc.conf:

sshd_enable="NO"
openssh_enable="YES"

    Cheers,

    Matthew

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to