Problem with openSSH

Posted on 2005-03-08
Medium Priority
Last Modified: 2010-03-18
I just installed SSH (openSSH 3.6.1) on a Mandrake Linux 10.0 machine. SSH works, but the problem is: if a user makes a connection and logs into the server, he can leave his "home" directory. He can actually walk around all of Linux! How is it possible to stop him from leaving his home directory?

Question by: koomasolen
Accepted Solution

pjedmond earned 336 total points
ID: 13491769
He may be able to 'walk around all the Linux', but he should not be able to change the files, or access protected directories.

However, in order to truly limit the user to his own directory, you need to set up a chroot'ed environment:



Expert Comment

ID: 13492870

Another option is to set a restricted shell ("set -r" for bash/ksh). Just a word of caution here: the user will not be able to execute commands which are not in the PATH and will not be able to redirect the output of a command into a file.


Author Comment

ID: 13495814
Could you, esanchezvela, please specify how the restricted shell works and where and how I can set it? I'm quite a novice in the Linux world... The ssh user only uploads files to my server; he doesn't need more actions.

Assisted Solution

wesly_chen earned 332 total points
ID: 13497230
> The ssh user only uploads files to my server
For uploading/downloading files through openssh, you just need scponly

So the user can only upload/download data through openssh without logging in with ssh.


Assisted Solution

chris_calabrese earned 332 total points
ID: 13497738
Or if you're willing to limit it to just SFTP instead of SCP, you can simply set the user's shell to /the/path/to/sftp-server (usually something like /opt/openssh/libexec/sftp-server) and also add it to /etc/shells.
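Added example, not from any of the posts above: on an sshd new enough to have the Match, ChrootDirectory and ForceCommand directives (OpenSSH 4.8 and later, so not the 3.6.1 in the question, which needs scponly or a hand-built jail), the chroot that pjedmond mentions and the SFTP-only login that chris_calabrese describes can be combined in sshd_config. The group name `sftponly`, the home layout, the config path and the use of GNU stat (Linux) are assumptions; `setup_sftp_user` must run as root.

```shell
#!/bin/sh
# Added example, not from the thread: confine members of an assumed group
# "sftponly" to SFTP inside a chroot of their own home, using sshd_config
# directives that OpenSSH gained in 4.8 (Match, ChrootDirectory, internal-sftp).
# Group name, home layout and config path are assumptions.
set -eu

# Print the sshd_config block that confines members of group $1 to SFTP under
# their own home (%h). Forwarding is disabled so the account is upload-only.
sftp_match_block() {
    printf '%s\n' \
        "Match Group $1" \
        "    ChrootDirectory %h" \
        "    ForceCommand internal-sftp" \
        "    AllowTcpForwarding no" \
        "    X11Forwarding no"
}

# sshd refuses the chroot ("bad ownership or modes for chroot directory")
# unless the directory is owned by root and not group/world writable.
# Returns 0 when the directory is acceptable, 1 otherwise. Uses GNU stat.
chroot_dir_ok() {
    dir="$1"
    [ -d "$dir" ] || return 1
    [ "$(stat -c '%u' "$dir")" -eq 0 ] || return 1
    mode=$(stat -c '%a' "$dir")          # e.g. 755 or 2755
    perm=${mode#"${mode%???}"}           # last three octal digits
    g=${perm#?}; g=${g%?}                # group digit
    o=${perm#??}                         # other digit
    case "$g$o" in *[2367]*) return 1 ;; esac   # a write bit is set
    return 0
}

# Create an upload-only account; must run as root. The home is the chroot
# root and therefore stays root-owned; the user can write only in "upload".
setup_sftp_user() {
    user="$1"
    getent group sftponly >/dev/null || groupadd sftponly
    useradd -m -g sftponly -s /sbin/nologin "$user"
    chown root:root "/home/$user"
    chmod 755 "/home/$user"
    mkdir -p "/home/$user/upload"
    chown "$user:sftponly" "/home/$user/upload"
    chroot_dir_ok "/home/$user"          # abort before touching sshd_config
    sftp_match_block sftponly >> /etc/ssh/sshd_config
    # Reload sshd afterwards, then verify with: sftp "$user"@host
}
```

After reloading sshd, an interactive `ssh user@host` for such a user is refused while `sftp user@host` lands in the chroot and can write only under upload.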

Expert Comment

ID: 16377094
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Split: pjedmond & wesly_chen & chris_calabrese

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
