Hi Chaim,
Give the full path name of the sftp-server as the login shell for the
user.
This will prevent him from running arbitrary commands.
If you would like to jail him in his home directory (in the same manner
that a regular ftp server does), look at http://chrootssh.sourceforge.net/.
However, I think it will force you to build the SSH package from sources (and
openssl of course).
Moshe Shemesh
Liraz-x
----- Original Message -----
From: "Chaim Keren Tzion" <[EMAIL PROTECTED]>
To: "Moshe Shemesh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, July 31, 2003 12:39 PM
Subject: Re: SSH Jail
>
> I am intending that sftp will be used for the file transfer. The problem
> is that once I create the account that will use sftp it automatically has
> the ability to log in with ssh and wander around the system. I would like
> to limit the user's ability to travel outside of the home directory and to
> execute commands. I have tried to define the user with /dev/false as its
> shell but then I can't log in.
>
> On Thu, 31 Jul 2003, Moshe Shemesh wrote:
>
> > Hi Chaim,
> >
> > Did you consider using sftp-server? It's an ftp server running on top of
> > SSH. You will need an sftp client to access it.
> >
> > Moshe Shemesh
> > Liraz-x
> >
> >
> > ----- Original Message -----
> > From: "Chaim Keren Tzion" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, July 31, 2003 11:57 AM
> > Subject: SSH Jail
> >
> >
> > > Shalom,
> > >
> > > I need to set up an FTP server or an account that will use SSH for a user
> > > outside of our organization that needs to send us data. They haven't been
> > > able to successfully set one up on their end. I would like to avoid
> > > setting up an FTP server because of the security issues but I am also
> > > concerned about setting up an account that they can access via SSH because
> > > they will log in as a regular user and have lots of rights. Is there a
> > > good way to create a jail and otherwise limit an account that will be
> > > accessed via SSH? They need the account only for data transfer.
> > >
> > >
> > > --
> > >
> > > Chaim Keren Tzion | [EMAIL PROTECTED]
> > > System Administrator | The Hebrew University of Jerusalem
> > > Dept. of Neurobiology | Tel: 972-2-658-5083
> > > Inst. of Life Science | Cel: 972-54-652983
> > > Jerusalem 91904, Israel | Fax: 972-2-658-6296
> > > ...................... | ............................
> > >
> > >
> > >
> > > =================================================================
> > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
> --
>
> Chaim Keren Tzion | [EMAIL PROTECTED]
> System Administrator | The Hebrew University of Jerusalem
> Dept. of Neurobiology | Tel: 972-2-658-5083
> Inst. of Life Science | Cel: 972-54-652983
> Jerusalem 91904, Israel | Fax: 972-2-658-6296
> ....................... | ............................
>
>
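
An added example, not part of the original thread: a shell check that reads a passwd-format file and reports what each account's login shell allows over SSH, for the login-shell approach suggested in the reply at the top. The account names and the sftp-server path in the sample are constructed; the real path of sftp-server depends on how SSH was packaged.

```shell
#!/bin/sh
# Classify an account by the login shell (field 7) in a passwd-format file.
# Usage: classify_login_shell PASSWD_FILE USER
# Prints: sftp-only | no-login | interactive | invalid-shell | unknown-user
classify_login_shell() {
    passwd_file=$1
    user=$2
    # Exact match on field 1, so "upload" does not also match "upload2".
    shell=$(awk -F: -v u="$user" '
        $1 == u { print $7; found = 1; exit }
        END     { if (!found) print "?" }' "$passwd_file")
    case $shell in
        "?")               echo unknown-user ;;
        # Full path to sftp-server: every session ends up in the SFTP server.
        /*/sftp-server)    echo sftp-only ;;
        # sshd starts the sftp subsystem through the account's shell, so a
        # shell that exits at once (or does not exist) blocks sftp as well.
        */false|*/nologin) echo no-login ;;
        # An empty field means the system default shell.
        ""|/*)             echo interactive ;;
        # Anything that is not an absolute path is a misconfiguration.
        *)                 echo invalid-shell ;;
    esac
}

# Constructed sample data (not taken from any real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
admin:x:1000:1000::/home/admin:/bin/bash
upload:x:1001:1001::/home/upload:/usr/libexec/openssh/sftp-server
upload2:x:1002:1002::/home/upload2:/dev/false
EOF

for u in admin upload upload2 guest; do
    printf '%s: %s\n' "$u" "$(classify_login_shell "$SAMPLE" "$u")"
done
```

The check only covers the shell field; it says nothing about whether the account is confined to its home directory.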