Dear list, thanks a lot for all your kind guidance. I really grateful to you for focusing on different aspects of restricting ssh user. I have found limited shell or lshell is closer to my requirement. As it is based on python it is heavy on the system but it is not so lengthy to configure like chroot. More over chroot demands "chown root:root <homedir>" and it is not possible here as these home dirs are actually apache webfolders under htdocs hence these should have apache user:group as permission. So lshell seems work for me. Thanks once again. On Thu, 23 Apr 2009 12:20:08 -0500 "Jorge Fco. Rivera" <jorge_grivera@xxxxxxxxxxx> wrote: > i a long time read that is possible > > this link show how to, are in spanish, but i remenber already in > english guide. > > > http://www.linuxparatodos.net/portal/staticpages/index.php?page=como-openssh-chroot > > good luck! > > -------------------------------------------------- > From: "Romain Pelisse" <belaran@xxxxxxxxx> > Sent: Thursday, April 23, 2009 11:07 AM > To: <secureshell@xxxxxxxxxxxxxxxxx> > Subject: Re: How to restrict ssh user to the home directory ? > > > I don't really feell it is possible... It goes a little bit outside > > the perimeter of sshd here. You should look more on the system > > side, a tool such as SELinux may be able to enforce this kind of > > possible. > > > > (i don't think it is possible but i'm far from being 100% here, if > > somebody disagree with me, please do write it :) ) > > > > 2009/4/21 J. Bakshi <bakshi12@xxxxxxxxx> > >> > >> Dear list, > >> > >> I am running a remote suse server and need to give ssh access to > >> the users who can work on their particular web folder only. The > >> version of ssh server is openssh-5.0p1-21.1 > >> > >> I have already did huge google search but could not find any sshd > >> features which can allow ssh users > >> to restrict them in their home directory. I have found some > >> documentations where chroot or jailkit is used to achieve this and > >> these need some more configuration and obviously "chown root:root > >> <home-folder>" . But I need an option which simply restrict ssh > >> users so that they can't browse beyond their home directory. It is > >> also not possible to do "chown root:root <home-folder>" as the > >> folders which are used as home directory are actually web folder > >> under apache htdocs having apache permission. I don't need sftp > >> but ssh access. Is it really impossible to have this feature > >> through ssh technology ? > >> > >> Thanks > > > > > > > > -- > > Romain PELISSE, > > "The trouble with having an open mind, of course, is that people > > will insist on coming along and trying to put things in it" -- Terry > > Pratchett > > http://belaran.eu/ > >
