Re: ssh - restricted shell

From: daniel (danstemporaryaccount_at_yahoo.ca)
Date: 03/30/05

    To: freebsd-questions@freebsd.org
    Date: Wed, 30 Mar 2005 16:51:15 -0500
    
    

    On March 30, 2005 04:02 pm, Duane Winner wrote:
    > Hello,
    >
    > Does anybody know the best technique to accomplish this:
    >
    > We have a server that we use for mostly internal development, and run an
    > SSH server.
    >
    > We have an outsider who we want to allow to ssh into this server and do
    > some work.
    >
    > However, because he is an outsider, we don't want him roaming around our
    > server, moving, looking, doing, or anything outside of his own home
    > directory.
    >
    > How can I restrict him to his own home directory?
    >
    > I thought I ran into instructions once for doing this, but I can't find
    > anything right now.
    >
    > Or was I thinking of scponly ?
    >
    > That might do it, except we do need to set him up to run some scripts
    > within his home directory after he uploads stuff via scp.

    if you only want scp to work, then you can use this as the shell:

      /usr/lib/misc/sftp-server

    worked for me. however, if they need a shell, you'll have to chroot() the
    shell and i don't know how to do that. i've never bothered to learn 'cause
    i've heard that they're easy to break out of anyway.

    -- 
    the reasonable man adapts himself to the world;
    the unreasonable man persists in trying to adapt the world to himself.
    therefore, all progress depends on the unreasonable man.
      - george bernard shaw
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
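
Added example, not part of the original thread: OpenSSH releases newer than this message provide a `ChrootDirectory` option in sshd_config, and sshd_config(5) requires every component of that path to be a root-owned directory that is not writable by group or others. The script below audits a candidate jail path against that rule; the function names `component_ok` and `audit_chroot` are this example's own, and treating any non-directory component as a failure is a conservative assumption.

```shell
#!/bin/sh
# Audit a directory intended for sshd's ChrootDirectory (added example).

# component_ok MODE UID -> 0 if one path component satisfies the rule.
# MODE is field 1 of `ls -ldn` (e.g. drwxr-xr-x), UID is field 3.
component_ok() {
    mode=$1 uid=$2
    [ "$uid" = "0" ] || return 1          # must be owned by root
    case $mode in
        d????-??-*) return 0 ;;           # group-write and other-write clear
        *) return 1 ;;                    # writable, or not a directory
    esac
}

# audit_chroot DIR -> prints each failing component; returns 0 if all pass,
# 1 if any component fails, 2 if DIR is not an absolute path.
audit_chroot() {
    dir=$1 rc=0
    case $dir in
        /*) ;;
        *) echo "audit_chroot: need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        # -n prints numeric uid/gid so no passwd lookup is involved.
        set -- $(ls -ldn "$dir" 2>/dev/null)
        if ! component_ok "$1" "$3"; then
            echo "FAIL $dir mode=${1:-missing} uid=${3:-?}"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")             # walk up towards /
    done
    return $rc
}

# Run as: sh audit.sh /path/to/jail   (the path is supplied by the operator)
if [ $# -gt 0 ]; then
    audit_chroot "$1"
fi
```

A path that fails this audit is one sshd would reject at login, and a jail whose components the restricted user can modify is the usual reason a chroot does not contain them.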
    
