On Mon, Feb 23, 2009 at 05:20:17PM -0500, Mike Erdely wrote:
> On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote:
> > On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote:
> > > - Is it possible to chroot only some users ?
> >
> > I don't believe so. You could look at scponly, it can chroot users.
> > It's an add-on shell, not in ports, has not been audited by OpenBSD,
> > etc. YMMV.
> >
> > > I am afraid that if I do this then all users will be chrooted and I
> > > won't be able to turn this back since I will not have access to /etc.
> >
> > Run a separate sshd instance on a different port, with -p. Test the
> > changes there.
>
> Ugh. Bad advice. Please see sshd_config(5) and
> http://undeadly.org/cgi?action=article&sid=20080220110039
>
> -ME

Yep, definitely better way to chroot. But I still suggest running
sshd on an off port to test changes if you're concerned about locking
yourself out.

==ml

--
Michael W. Lucas [email protected], [email protected]
http://www.BlackHelicopters.org/~mwlucas/

"My pessimism extends to the point of even suspecting the sincerity of
the pessimists." -- Jean Rostand, French biologist and philosopher
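
The two suggestions in this thread combined, as an added example that is not part of the original messages: a `Match` block from sshd_config(5) chroots only one group, and the edited copy of the config is checked and run on an off port so the production sshd is never touched. The group name `sftponly`, the chroot path, the temporary file name and port 2222 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example; group name, chroot path and port are assumptions.

# write_test_config BASE OUT GROUP CHROOT
# Copy the live config and append a Match block, so that only members of
# GROUP are chrooted and every other account keeps its normal login.
write_test_config() {
    base=$1; out=$2; group=$3; chroot=$4
    cp "$base" "$out" || return 1
    # A Match block applies until the next Match line or end of file,
    # so it is appended after all global settings.
    # sshd requires the chroot directory and every parent of it to be
    # owned by root and not writable by group or others.
    cat >> "$out" <<EOF

# test-only: chroot members of $group
Match Group $group
    ChrootDirectory $chroot
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}

# try_on_off_port CONF PORT
# Validate CONF, then run a second sshd in the foreground on PORT.
try_on_off_port() {
    conf=$1; port=$2
    # sshd insists on being started by absolute path.
    sshd_bin=$(command -v sshd) || { echo "sshd not found" >&2; return 127; }
    # -t only parses the config and checks keys; nothing is started.
    "$sshd_bin" -t -f "$conf" || return 1
    # -D: stay in the foreground, -e: log to stderr, -p: overrides Port
    # in CONF (a ListenAddress with an explicit port would still win).
    "$sshd_bin" -D -e -f "$conf" -p "$port"
}

# Typical use, as root:
#   write_test_config /etc/ssh/sshd_config /tmp/sshd_config.test \
#       sftponly /var/chroot/%u
#   try_on_off_port /tmp/sshd_config.test 2222
```

Log in on the off port with both a member of the group and an ordinary account before moving the `Match` block into the real config; stopping the foreground sshd discards the experiment.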

