creating ssh account without directory browsing
Tamer Higazi writes:
> For a project I need to create ssh accounts (based on shared keys) who > would be loged in a specific directory. They should only be able to > login in the desired directory, but not be able for outside browsing. If you need this only for things like scp, net-misc/scponly might do what you want. http://sublimation.org/scponly/wiki/index.php/Main_Page Wonko |
creating ssh account without directory browsing
In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto:
: > Hi people! > For a project I need to create ssh accounts (based on shared keys) who > would be loged in a specific directory. They should only be able to > login in the desired directory, but not be able for outside browsing. > > > for example: > > /work/ > > but not / or any other scope. > > How would you guys accomplish that?! Hi Tamer, simply set the default shell of the desired account to: /bin/bash -r. In this mode the bash will start in restricted mode. You can get further information about that in the man page of bash (section: RESTRICTED SHELL). Bye Giampiero |
creating ssh account without directory browsing
On Sunday 22 August 2010 13:31:20 Giampiero Gabbiani wrote:
> In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto: > : > Hi people! > > > > For a project I need to create ssh accounts (based on shared keys) who > > would be loged in a specific directory. They should only be able to > > login in the desired directory, but not be able for outside browsing. > > > > > > for example: > > > > /work/ > > > > but not / or any other scope. > > > > How would you guys accomplish that?! > > Hi Tamer, > simply set the default shell of the desired account to: /bin/bash -r. > In this mode the bash will start in restricted mode. You can get further > information about that in the man page of bash (section: RESTRICTED SHELL). If you find that rbash is too restrictive, you can also restrict the access rights of said users, so that they can only read/write their /home and the /work directories. Use some sensible umasks to achieve this. SUID and SGID files & binaries may be more difficult to restrict though. -- Regards, Mick |
creating ssh account without directory browsing
Apparently, though unproven, at 10:36 on Sunday 22 August 2010, Tamer Higazi
did opine thusly: > Hi people! > For a project I need to create ssh accounts (based on shared keys) who > would be loged in a specific directory. They should only be able to > login in the desired directory, but not be able for outside browsing. > > > for example: > > /work/ > > but not / or any other scope. > > How would you guys accomplish that?! Make that user's shell rbash. In rbash the user cannot cd. There's a bunch of other stuff they also cannot do. Check man bash near the end to make sure it satisfies your needs. -- alan dot mckinnon at gmail dot com |
creating ssh account without directory browsing
Hi,
Young padawan Tamer Higazi <th982a@googlemail.com> spoke: > Hi people! > For a project I need to create ssh accounts (based on shared keys) who > would be loged in a specific directory. They should only be able to > login in the desired directory, but not be able for outside browsing. I think you mean chroot. OpenSSH supports this, have a look at it. kalkin- -- Paranoid sein heisst frei sein (Hal Faber) |
| All times are GMT. The time now is 03:02 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.