Re: Chroot'ed SSH




easy way to get sshd ver.5 installed on centos5
http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/SRPMS/
rpmbuild --rebuild openssh-5.0p1-1.el5.hrb.src.rpm
worked for me .. but honestly, as excited as I was, I do not find chroot to be that useful .. if I remember correctly, the chroot directory has to be owned by root, and that was not possible with my setup.

alternative
"scponly" from the EPEL Repositories (http://download.fedora.redhat.com/pub/epel/5/x86_64/)
will give your users secure file transfer access without a terminal

my favorite
"rssh" rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.

hope this helps
alain

Filipe Brandenburger wrote:
Hi,

Is anyone chrooting users that connect through SSH?

I looked for it on Google and I basically saw several methods:
- OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that
probably could be rebuilt under CentOS 5)
- There seem to be several patches for OpenSSH 4.x to do the chroot,
the most popular seems to be http://chrootssh.sf.net/
- There appears to be a pam_chroot
- There are solutions based on setting the user's shell to a
script/binary that does the chroot

By quickly looking at yum list, it doesn't seem like either RHEL or
CentOS directly support any of those, at least I didn't find any RPMs
for any of those.

If anyone is doing it, I would like to know what were your experiences
and if you would recommend doing it or not.

I'm especially interested in anything that doesn't involve replacing
the OpenSSH that comes with CentOS, after all, that's what CentOS is
all about, if you start replacing the pieces, what's the point...

Thanks a lot!
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
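
Added example, not part of the original thread: OpenSSH's ChrootDirectory requires every component of the chroot path to be a root-owned directory that is not writable by group or others, which is the ownership restriction mentioned in the reply above. The script below walks a candidate path up to / and reports each component sshd would reject; it assumes GNU stat, and the path in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as shipped with CentOS.
# Usage: sh check_chroot.sh /srv/sftp/alice   (constructed placeholder path)

# Return 0 if one path component is acceptable for ChrootDirectory:
# owned by uid 0 and carrying no group- or other-write bits (mask 022).
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# Walk from the candidate directory up to /, reporting every component
# that fails the check. Returns 0 only if all components pass,
# 1 if any component is bad, 2 if the path is not a directory.
check_chroot_path() {
    # Resolve symlinks so the real directories are the ones inspected.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    rc=0
    while :; do
        # %u = numeric owner, %a = permission bits in octal
        set -- $(stat -c '%u %a' "$dir")
        if ! component_ok "$1" "$2"; then
            echo "BAD  $dir (uid=$1 mode=$2)" >&2
            rc=1
        fi
        if [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A home directory owned by the user fails this check, so a writable upload area has to be a subdirectory inside the root-owned chroot.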