On Wed, 2 May 2001, Phil N wrote:

man ssh-chrootmgr might be of some use to you as well.

> Actually, the answer to that is "ssh". What I wanted to do was have a
> user be chroot'ed to their home directory when they logged into the
> server using secure shell and then only be able to telnet to another
> device from there. For what it's worth, here's what I've done to
> accomplish what I needed. I got the ideas from a couple places.....
> Don't know who to thank at this point since I've looked at about 100
> pages :-)
>
> - got the latest version of bash, compiled it for my system (my
>   current version of bash would not take the --restricted-mode option on
>   startup, nor would it enter restricted mode when called as rbash)
> - installed the new bash as /usr/bin/rbash so that it comes up in
>   "restricted mode"
>   see
>   http://uwsg.ucs.indiana.edu/usail/tasks/security/security.html#login
> - set the user's shell to /usr/bin/rbash
> - set the user's environment with .bash_profile, set root as the
>   owner and perms to 644
> - created a menu script that only allows them to telnet to a device
>   OR logoff the system. any other action causes an immediate logout.
>
> There's probably a hole somewhere in this but at least I've made it a
> little more difficult to do anything to my ssh server.
>
> Phil
>
> >
> > I realized afterwards that you may have been asking about ssh and not sgi.
> >
> > Randolph J. Herber, [EMAIL PROTECTED]

-- 
Blue Lang  http://www.gator.net/~blue
Unix Administrator  Veritas Software
2315 McMullan Circle, Raleigh, North Carolina, USA  919 835 1540
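
An added example, not part of the original thread and not Phil's script: a login menu of the kind described in the quoted message, offering telnet to one fixed device or logoff and treating any other input as logout. The device name, the file paths, the `--login` argument and the availability of telnet's `-E` option (disable the escape character) are assumptions.

```sh
#!/bin/sh
# Added example: login menu for a restricted account (constructed, not Phil's script).
# Assumed install: root-owned file, exec'd as the last line of the root-owned
# .bash_profile, e.g.  exec /usr/local/bin/telnet-menu --login   (hypothetical path)

TARGET_HOST="device.example.net"   # placeholder for the one permitted device
TELNET_BIN="/usr/bin/telnet"       # assumed location of the telnet client

# Map one line of input to an action. Only an exact "1" selects telnet;
# "2", empty input, extra characters or anything else all mean logout.
choose_action() {
    case "$1" in
        1) echo telnet ;;
        *) echo logout ;;
    esac
}

menu() {
    PATH=/usr/bin:/bin; export PATH    # fixed search path, nothing user-writable
    trap '' INT QUIT TSTP              # ignore Ctrl-C, Ctrl-\ and Ctrl-Z
    printf '1) telnet to %s\n2) logoff\nChoice: ' "$TARGET_HOST"
    IFS= read -r choice || choice=""   # EOF or read error counts as logout
    if [ "$(choose_action "$choice")" = telnet ]; then
        # The command line is fixed; nothing the user typed reaches it.
        # -E (assumed supported by the local telnet) disables the client's
        # escape character, so the telnet command prompt is not reachable.
        # exec replaces the shell: when telnet ends, so does the login.
        exec "$TELNET_BIN" -E "$TARGET_HOST"
    fi
    exit 0
}

# Show the menu only when started with --login, as in the exec line above.
if [ "${1:-}" = "--login" ]; then
    menu
fi
```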
