easy way to get sshd ver.5 installed on centos5
http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/SRPMS/
rpmbuild --rebuild openssh-5.0p1-1.el5.hrb.src.rpm
worked for me .. but honestly, has excited has I was, I do not find
chroot to be that useful .. if I remember correctly, the chroot
directory has to be owned by root and was not possible with my setup.
alternative
"scponly" from from the EPEL Repositories
(http://download.fedora.redhat.com/pub/epel/5/x86_64/)
will give your users secure file transfers access without a terminal
my favorite
"rssh" rssh is a restricted shell for use with OpenSSH, allowing only
scp and/or sftp. For example, if you have a server which you only want
to allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that.
hope this help
alain
Filipe Brandenburger wrote:
Hi,
Is anyone chrooting users that connect through SSH?
I looked for it on Google and I basically saw several methods:
- OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that
probably could be rebuilt under CentOS 5)
- There seem to be several patches for OpenSSH 4.x to do the chroot,
the most popular seems to be http://chrootssh.sf.net/
- There appears to be a pam_chroot
- There are solutions based on setting the user's shell to a
script/binary that does the chroot
By quickly looking at yum list, it doesn't seem like neither RHEL nor
CentOS directly support any of those, at least I didn't find any RPMs
for any of those.
If anyone is doing it, I would like to know what were your experiences
and if you would recommend doing it or not.
I'm specially interested in anything that doesn't involve replacing
the OpenSSH that comes with CentOS, after all, that's what CentOS is
all about, if you start replacing the pieces, what's the point...
Thanks a lot!
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos