howto chroot ssh ...
Dario Lesca
d.lesca at solinos.it
Thu Nov 4 09:06:16 UTC 2004
... for a single user.
I must only allow the download/upload of files with scp or sftp-server.
Now I use this script (*) as the shell command of the user, but I do not know
how to chroot the sftp-server command ....
Any suggestions?
Many thanks
(*)
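[lesca@lesca ssh-chroot]$ cat onlyscp.sh
#!/bin/bash
# Shell that allows only scp <d${DOT}lesca${AT}solinos.it>
# useradd -s /usr/local/bin/onlyscp.sh scpuser
#echo "par: $1|$2|$3|$4|$5" > /dev/pts/0 2>&1
CHROOT=/var/tmp
DOWNL=yes
UPLOAD=yes
SFTP=no
SCP_CMD="echo /usr/bin/scp"
SFTP_CMD="echo /usr/libexec/openssh/sftp-server"
# If it exists, load the local configuration
test -f /etc/onlyscp.conf && source /etc/onlyscp.conf
# Stop if the base directory cannot be entered
cd "$CHROOT" || exit 1
# sshd runs the shell as: <shell> -c "<command>", so "$*" is "-c <command>"
case "$DOWNL:$UPLOAD:$SFTP:$*" in
    yes:*:*:-c\ scp\ -f\ *)
        # Download: strip the command prefix, anchor the path, mask "../"
        f=$(echo "$*" | sed -e 's|^-c scp -f ||')
        f=$(echo "./$f" | sed -e 's|\.\./|::/|g')
        # Run without eval so shell metacharacters in $f are not interpreted;
        # $f stays unquoted so several file names and wildcards still work
        $SCP_CMD -f $f
        ;;
    *:yes:*:-c\ scp\ -t\ *)
        # Upload: same handling as for download
        f=$(echo "$*" | sed -e 's|^-c scp -t ||')
        f=$(echo "./$f" | sed -e 's|\.\./|::/|g')
        $SCP_CMD -t $f
        ;;
    *:*:yes:-c\ */sftp-server)
        eval "$SFTP_CMD"
        ;;
    *:*:*:-c\ ls*)
        # The pattern needs the three flag fields, otherwise it never matches
        find . -type f -exec ls -lad {} + 1>&2
        ;;
    *)
        # Messages: "Operation not supported" / "Allowed commands: scp from & to + ls"
        (
            echo "Operazione Non Supportata"
            echo "Comandi ammessi: scp from & to + ls"
            sleep 2
            echo -e "Premi un tasto x uscire\c"
        ) 1>&2
        read -t 3 a
        exit 3
        ;;
esac
exit 0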
----[cut]-----
--
Dario Lesca <d.lesca at solinos.it>
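
An added example, not part of the original post: a POSIX shell allowlist check for the path argument that the script above hands to scp, run before anything is executed. It rejects `..` components in any position, absolute paths, option-like words and every character outside a fixed set. The function names and sample requests are assumptions made for illustration, and wildcards are rejected too, which is stricter than the posted script.

```shell
#!/bin/sh
# Added example (not from the post): allowlist check for the path part
# of an "scp -f <paths>" / "scp -t <paths>" request.

# check_path WORD: succeed only for an acceptable relative path.
check_path() {
    p=$1
    case $p in
        '')  return 1 ;;                  # empty word
        /*)  return 1 ;;                  # absolute path
        -*)  return 1 ;;                  # would be read as an option
        *[!A-Za-z0-9._/-]*) return 1 ;;   # outside the allowlist (also
                                          # rejects globs, quotes, ; $ `)
    esac
    # ".." as a whole component, at the start, middle or end
    case "/$p/" in
        */../*) return 1 ;;
    esac
    return 0
}

# validate_scp_paths RAW: succeed only if RAW holds at least one word
# and every whitespace-separated word passes check_path.
validate_scp_paths() {
    raw=$1
    n=0
    set -f                    # do not expand globs while splitting
    for word in $raw; do
        n=$((n + 1))
        if ! check_path "$word"; then
            set +f
            return 1
        fi
    done
    set +f
    [ "$n" -gt 0 ]
}

# Constructed sample requests, for illustration only.
for req in "docs/report.txt" "a.txt b.txt" "..backup/f" \
           "dir/.." "a.txt /etc/hosts" "-r dir" "*.txt"; do
    if validate_scp_paths "$req"; then
        echo "allow: $req"
    else
        echo "deny:  $req"
    fi
done
```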