RE: chroot ssh logins
Roberto: -Original Message- From: Roberto Sanchez [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 12:18 PM To: [EMAIL PROTECTED] Debian. Org Subject: Re: chroot ssh logins Christopher Davis wrote: Hello! I have found a few how-to's on the net for creating user jails with ftp so users cannot browse outside of their home directories. That's what I am looking to do, but with ssh when the user logs in. Can someone point me in the right direction? TIA! Christopher Davis I'm not sure how that vould work with chroot. But, setting up a user-mode-linux install would provide similar functionality, with the added bonus that it appears a totally seperate host to the outside world. You can then either have ports 20 and 21 forwarded from your real host to the UML host, or you can give the uml host its own IP on your network. -Roberto That's a great idea. Can apache read documents inside a UML or would I need to install apache inside the UML as well? I am running a server with multiple websites, now I am opening it up to a few external clients. I want them to be able to modify their site w/o being able to move above their home directory so they are not able to view other sites hosted from the servers. Only remote access to the servers is through ssh2. Thanks again! Christopher Davis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chroot ssh logins
Christopher Davis wrote: Hello! I have found a few how-to's on the net for creating user jails with ftp so users cannot browse outside of their home directories. That's what I am looking to do, but with ssh when the user logs in. Can someone point me in the right direction? TIA! Christopher Davis I'm not sure how that vould work with chroot. But, setting up a user-mode-linux install would provide similar functionality, with the added bonus that it appears a totally seperate host to the outside world. You can then either have ports 20 and 21 forwarded from your real host to the UML host, or you can give the uml host its own IP on your network. -Roberto signature.asc Description: OpenPGP digital signature
Re: chroot ssh logins
On Wednesday March 3 at 12:53pm Christopher Davis [EMAIL PROTECTED] wrote: I am running a server with multiple websites, now I am opening it up to a few external clients. I want them to be able to modify their site w/o being able to move above their home directory so they are not able to view other sites hosted from the servers. Only remote access to the servers is through ssh2. You might want to have a look at scponly. It does not allow for full shell access with ssh, but rather (as the name implies), just scp. There are a few clients for Windows, including WinSCP, which can be set to work much like most FTP clients. -- -johann koenig pgp0.pgp Description: PGP signature
Re: chroot ssh logins
Christopher Davis wrote: I'm not sure how that vould work with chroot. But, setting up a user-mode-linux install would provide similar functionality, with the added bonus that it appears a totally seperate host to the outside world. You can then either have ports 20 and 21 forwarded from your real host to the UML host, or you can give the uml host its own IP on your network. -Roberto That's a great idea. Can apache read documents inside a UML or would I need to install apache inside the UML as well? I am running a server with multiple websites, now I am opening it up to a few external clients. I want them to be able to modify their site w/o being able to move above their home directory so they are not able to view other sites hosted from the servers. Only remote access to the servers is through ssh2. Thanks again! Christopher Davis Probably not. TTBOMK, UML installs use a large file on the host and build a file system inside it (treating it like a standard black device). If there were a way to use a specified part of the directory tree for your UML install (like for a chroot), then yes. Apache is capable of following symlinks anywhere on the file system, as long as it has permission to read the files. -Roberto signature.asc Description: OpenPGP digital signature
Re: chroot ssh logins
On Wed, Mar 03, 2004 at 11:16:45AM -0500, Christopher Davis wrote: Hello! I have found a few how-to's on the net for creating user jails with ftp so users cannot browse outside of their home directories. That's what I am looking to do, but with ssh when the user logs in. Can someone point me in the right direction? TIA! Christopher Davis Hi Christopher, You want chrootssh.sf.net. This is how I got it working on a Debian Woody installation. It assumes you have something like deb-src http://ftp.us.debian.org/debian woody main contrib non-free In sources.list: $ su -c apt-get install build-essential $ apt-get source openssh $ patch -p0 /tmp/osshChroot-3.4.diff $ cd openssh-3.4p1 $ debuild $ dch -i Applied patch from chrootssh.sf.net $ su -c debi It builds a .deb and installs it for you, also updates your changelog.Debian -- Danie Roux *shuffle* Adore Unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]