howto chroot ssh ...
Brian Richardson
brian at cubik.ca
Thu Nov 4 11:33:50 UTC 2004
Check out this URL:
http://mail.incredimail.com/howto/openssh/
It will allow you to use the magic './' notation for a user's home
directory to chroot that user to the directory specified.
Brian
On 4-Nov-04, at 2:06 AM, Dario Lesca wrote:
> ... for a single user.
> I must only allow downloading/uploading files with scp or sftp-server.
>
> Now I use this script (*) as the shell command of the user, but I do not know
> how to chroot the sftp-server command ....
>
> Any suggestions?
>
> Many thanks
>
> (*)
>
> [lesca at lesca ssh-chroot]$ cat onlyscp.sh
> #!/bin/bash
>
> # Shell to allow only scp <d${DOT}lesca${AT}solinos.it>
> #useradd -s /usr/local/bin/onlyscp.sh scpuser
>
> #echo "par: $1|$2|$3|$4|$5" > /dev/pts/0 2>&1
>
> CHROOT=/var/tmp
>
> DOWNL=yes
> UPLOAD=yes
> SFTP=no
>
> SCP_CMD="echo /usr/bin/scp"
> SFTP_CMD="echo /usr/libexec/openssh/sftp-server"
>
> # If exist ...
> test -f /etc/onlyscp.conf && source /etc/onlyscp.conf
>
> cd $CHROOT
>
> case "$DOWNL:$UPLOAD:$SFTP:$@" in
> yes:*:*:-c\ scp\ -f\ *)
> f=$(echo "$@"|sed -e 's|^-c scp -f ||')
> f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
> eval "$SCP_CMD -f $f"
> ;;
> *:yes:*:-c\ scp\ -t\ *)
> f=$(echo "$@"|sed -e 's|^-c scp -t ||')
> f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
> eval "$SCP_CMD -t $f"
> ;;
> *:*:yes:-c\ */sftp-server)
> eval "$SFTP_CMD"
> ;;
> *:*:*:-c\ ls*)
> (find * -type f |xargs ls -lad) 1>&2
> ;;
> *)
> (
> echo "Operazione Non Supportata"
> echo "Comandi ammessi: scp from & to + ls"
>
> sleep 2
> echo -e "Premi un tasto x uscire\c"
> )1>&2
> read -t 3 a
>
> exit 3
> ;;
> esac
>
> exit 0
>
> ----[cut]-----
> --
> Dario Lesca <d.lesca at solinos.it>
>
Brian Richardson
Software Developer
Public Key available at http://www.cubik.ca/
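
An added example, not part of either message and not code from the thread's authors: a POSIX sh take on the path handling in the quoted onlyscp.sh that refuses any `..` component instead of rewriting it, and hands the path to scp as one quoted argument rather than through `eval`. The function names are hypothetical; `CHROOT` and the scp location are taken from the quoted script.

```sh
#!/bin/sh
# Added example: validate the scp request string without eval.
# CHROOT mirrors the quoted script; function names are hypothetical.
CHROOT=${CHROOT:-/var/tmp}

# safe_relpath PATH: print PATH relative to the base directory, or return 1
# if it is empty or contains a ".." component (leading, middle or trailing).
safe_relpath() {
    p=$1
    # Strip leading slashes so absolute paths are taken relative to the base.
    while [ "${p#/}" != "$p" ]; do p=${p#/}; done
    [ -n "$p" ] || return 1
    case "$p" in
        ..|../*|*/..|*/../*) return 1 ;;
    esac
    # The "./" prefix also keeps a name starting with "-" from being an option.
    printf './%s\n' "$p"
}

# parse_scp CMD: for "scp -f PATH" or "scp -t PATH" print "<flag> <relpath>".
parse_scp() {
    case "$1" in
        "scp -f "*) flag=-f; arg=${1#"scp -f "} ;;
        "scp -t "*) flag=-t; arg=${1#"scp -t "} ;;
        *) return 1 ;;
    esac
    rel=$(safe_relpath "$arg") || return 1
    printf '%s %s\n' "$flag" "$rel"
}

# run_scp CMD: what a login shell would do with "$2" when sshd runs it
# as `shell -c CMD`. Not called here; shown for completeness.
run_scp() {
    req=$(parse_scp "$1") || { echo "request refused" >&2; return 3; }
    cd "$CHROOT" || return 3
    # One quoted argument: spaces and shell metacharacters are not re-parsed.
    exec /usr/bin/scp "${req%% *}" "${req#* }"
}

# Constructed request strings, in the form sshd passes after -c.
for cmd in "scp -f report.txt" "scp -t /incoming/a b" "scp -f a/../../b"; do
    parse_scp "$cmd" || echo "refused: $cmd"
done
```

The check is lexical, so symlinks inside the base directory are not resolved, and `cd` by itself is not a chroot: the scp process still sees the whole filesystem.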