[ale] chrooting SSH users?

Raju mr at 4securenet.com
Sun May 18 15:27:23 EDT 2003


Thanks Chris.  Been playing with ssh-chrootmgr (SSH), but would like to
stick with OpenSSH:-)

--Raju


> On Sun, 18 May 2003, Raju wrote:
>
>> Hi All,
>>  I want to  setup up a (Redhat) box in the DMZ to allow ssh access
>> only
>> (shell accounts) which inturn will provide access to the lab I am
>> building (Cisco). I wanna see if I can chroot ssh users. "Googling"
>> yields more painful approaches, but was curious if anyone has done it
>> before. Thanks:-)
>
> use pam_chroot
>
> Something like this in /etc/pam.d/sshd:
>
> <snip non-session stuff>
> session    required     pam_limits.so
> session    required     pam_chroot.so onerr=fail
> session    optional     pam_console.so
>
> tells sshd to read the config file /etc/security/chroot.conf when users
> authenticate.
>
> In /etc/security/chroot.conf, put
>
> user1 directory1
> user2 directory2
>
> user1 gets chrooted to directory1, user2 to directory2, user3 doesn't
> get  chrooted.
>
> later,
> chris
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale





_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list