Solved

Redhat Linux 7.1 - SSHD

Posted on 2003-02-25
Last Modified: 2010-04-22
I'm curious as to how I can restrict SSH logins so that the user can only navigate their own home directory (and any sub directories he/she creates).

Basically, I do not want them to be able to "go back" from their home directory. (as used in guest FTP sessions where / is their home directory)

If you can show me how to do this, I'll bump the points up to 150.
Question by:mgonyea
5 Comments
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 225 total points
ID: 8020598
It's simple if you use a restricted shell. This is the base for security when you use ssh.

If you want to copy files only, then:
http://freshmeat.net/projects/scponly/
http://freshmeat.net/projects/rssh/

You can also use the rsh (Restricted Shell) or chroot jail some users (the ones you want to control).

Regards
0
 
LVL 1

Expert Comment

by:LamerSmurf
ID: 8056948
Another approach would be to go for permissions, and merely remove permissions to change to directories that should not be intended for this or these users.

using chmod/chgrp/chown

/LamerSmurf
0
 
LVL 2

Expert Comment

by:RazvanStefanescu
ID: 8063304
Hello,
I would suggest creating a chrooted environment for the ssh users. Check out this link:
http://www.ssh.com/support/faq/secureshellserver/qa_191_687.html

Hope that helps.
Razvan
0
 

Expert Comment

by:covati
ID: 8119754
I'd go w/ the chrooted env, I would recommend staying away from lamersmurf's suggestion.
If the user knows anything about the layout of the system you would have to change the groups/permissions on a lot of directories, think /tmp or /bin or anything that is 755.

Controlling user space would be tough, if users chmod 755 any of their dirs another user could just cd straight to that (if they could figure out the path somehow).

Here's a link for a chroot patch to SSH:

http://chrootssh.sourceforge.net/

and the howto on getting it going for sftp OR ssh:

http://chrootssh.sourceforge.net/docs/chrootedsftp.html
0
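
The permissions problem covati describes above can be measured before choosing between chmod and a chroot. The script below is an added example, not part of the thread: it lists which directories a user outside the owner and group can actually cd into. It assumes plain mode bits decide access (ACLs and group membership are ignored); the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Audits directory traversal rights
# granted to "other" users, using only the o+x mode bit.
# Assumption: no ACLs; group membership is not considered.

# Print every directory under $1 that is reachable through an unbroken chain
# of o+x directories. A directory without o+x is pruned, so a 755 directory
# below a 700 parent is not reported: traversal already stops at the parent.
reachable_by_others() {
    find "$1" -type d ! -perm -0001 -prune -o -type d -print
}

# Print every directory under $1 that has o+x set, reachable or not. This is
# the list that would need a chmod under the permissions-only approach.
other_exec_dirs() {
    find "$1" -type d -perm -0001 -print
}

# Build a constructed demo tree standing in for /home and print its path.
build_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/alice/private" "$demo/bob/public_html" "$demo/carol/shared"
    # bob opened his home with chmod 755; carol only opened a subdirectory.
    chmod 755 "$demo" "$demo/bob" "$demo/bob/public_html" "$demo/carol/shared"
    chmod 700 "$demo/alice" "$demo/alice/private" "$demo/carol"
    printf '%s\n' "$demo"
}

# Usage: sh audit.sh /home   (run with no argument, the script does nothing)
if [ -n "${1:-}" ]; then
    echo "Directories other users can cd into under $1:"
    reachable_by_others "$1"
fi
```

Run against `/` instead of `/home`, the same function shows how many system directories (`/tmp`, `/bin` and the rest) a permissions-only lockdown would have to touch.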
 
LVL 6

Expert Comment

by:masa77
ID: 8318710
I have used one simple script from http://www.gsyc.inf.uc3m.es/~assman/index.html
to build chrooted jail environments...
Simple to use.
Check it out.

-- Masa
0
