On Wed, Feb 20, 2008 at 2:02 PM, LeRoy, Ted <[EMAIL PROTECTED]> wrote: > I'm taking a class on system security. We're in teams and we have to > allow attacking teams ssh access to our devices. > > I'd like to limit the user account access for the other groups, > permitting them a shell and a few commands, but no ability to browse the > box or do things like cat or cp /etc/passwd. > > I'm running OpenBSD 4.2 on the server they'll be attacking. I'm an > OpenBSD noob. Learning under fire. > > If someone can help me figure out whether using ssh_config, chroot, or > just using permissions will be the easiest, most effective way to go > about it, and how to proceed, it will be much appreciated. Alternatives > would be great too. >
The easiest way is to upgrade to -current, as openssh in -current has the ChrootDirectory option in sshd_config now. Look at: http://undeadly.org/cgi?action=article&sid=20080220110039&mode=expanded&count=5 for more details.
