  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 309

Problem with openSSH

Hi!
I just installed SSH (openSSH 3.6.1) on the Mandrake Linux 10.0 machine. SSH works, but the problem is: if the user makes a connection and logs into the server, he can leave his "home" directory. He can actually walk around all the Linux! How is it possible to stop him from leaving his home directory?

Juhan
0
Asked by: koomasolen
3 Solutions
 
pjedmond Commented:
He may be able to 'walk around all the Linux', but he should not be able to change the files, or access protected directories.

However, in order to truly limit the user to his own directory, you need to set up a chroot'ed environment:

http://www.tjw.org/chroot-login-HOWTO/

HTH:)
0
 
esanchezvela Commented:

Another option is to set a restricted shell, "set -r" for bash/ksh. Just a word of caution here: the user will not be able to execute commands which are not in the PATH and will not be able to redirect output of a command into a file.

regards,
esv
0
 
koomasolen (Author) Commented:
Could you, esanchezvela, please specify how the restricted shell works - where and how I can set it? I'm quite a novice in the Linux world... The ssh user only uploads files to my server, he doesn't need more actions.
Juhan
0

 
wesly_chen Commented:
> The ssh user only uploads files to my server
For uploading/downloading files through openssh, you just need scponly
http://www.sublimation.org/scponly/

So the user can only upload/download data through openssh, without logging in with ssh.

Wesly
0
 
chris_calabrese Commented:
Or if you're willing to limit to just SFTP instead of SCP, you can simply set the user's shell to /the/path/to/sftp-server (usually something like /opt/openssh/libexec/sftp-server) and also add it to /etc/shells.
0
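An added example, not part of any answer in this thread: a small audit function that checks the two conditions described in the answers above, namely that an upload-only account's login shell is sftp-server or scponly, and that this shell is listed in the shells file. The function name, the sample accounts and the `/usr/bin/scponly` path are assumptions made for the illustration; on a real host pass `/etc/passwd` and `/etc/shells`.

```shell
#!/bin/sh
# check_upload_account PASSWD_FILE SHELLS_FILE USER   (hypothetical helper)
# Prints one status word; returns 0 only for "ok".
check_upload_account() {
    passwd_file=$1; shells_file=$2; user=$3
    # Field 7 of a passwd entry is the login shell. Prefix it so that an
    # empty shell field can be told apart from a missing user.
    entry=$(awk -F: -v u="$user" '$1 == u { print "shell=" $7; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo no-such-user; return 3
    fi
    shell=${entry#shell=}
    # Only the file-transfer programs named in the thread count as confined.
    # An empty field also lands in full-shell: the system default shell applies.
    case "${shell##*/}" in
        sftp-server|scponly) ;;
        *) echo full-shell; return 1 ;;
    esac
    # The shell must appear as an exact, whole line in the shells file.
    if grep -qxF -- "$shell" "$shells_file"; then
        echo ok; return 0
    fi
    echo not-in-shells; return 2
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
upload1:x:501:501::/home/upload1:/opt/openssh/libexec/sftp-server
upload2:x:502:502::/home/upload2:/usr/bin/scponly
shelluser:x:503:503::/home/shelluser:/bin/bash
EOF
cat > "$demo_dir/shells" <<'EOF'
/bin/sh
/bin/bash
/opt/openssh/libexec/sftp-server
EOF
for u in upload1 upload2 shelluser ghost; do
    result=$(check_upload_account "$demo_dir/passwd" "$demo_dir/shells" "$u") || :
    printf '%s: %s\n' "$u" "$result"
done
```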
 
Cyclops3590 Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: pjedmond & wesly_chen & chris_calabrese

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Cyclops3590
EE Cleanup Volunteer
0
