閱讀文章 - 看板 FB_security

發信人danger@wilbury.sk (DanGer),

看板FB_security

標題Re[2]: chroot-ing users coming in via SSH and/or SFTP?

發信站NCTU CSIE FreeBSD Server (Tue Dec 21 21:16:28 2004)

轉信站ptt!FreeBSD.csie.NCTU!not-for-mail

Hi Nigel, Monday, December 20, 2004, 11:19:29 PM, si napisal: > On 0, Brett Glass <brett@lariat.org> allegedly wrote: >> At 02:23 PM 12/20/2004, Nigel Houghton wrote: >> >> >Is there something wrong with using the scponly shell for the users? >> >> Mainly that I hadn't heard of it until you mentioned it. ;-) >> Thank you! (I knew I could get a quick answer, if there was one, >> from the list.) > aha, ok, good. >> I just tried building it (twice, because the first time I didn't >> realize that it required a special variable to be defined before >> it would set itself up to chroot users). I'll be testing it shortly >> to be sure that the "jails" created by its sample script (which >> creates both the user ID and the jail) have everything needed for >> FreeBSD. >> >> It'd be nice if there were a more centralized "chroot" facility >> that covered SSH, FTP, and other things as well. >> >> --Brett > Take a look at the Jail project, you'll find it here... > http://www.jmcresearch.com/projects/jail/ > ..and in ports/sysutils/ along with some other jail tools, it may > provide some of the features you are looking for. > +-----------------------------------------------------------------+ > Nigel Houghton Research Engineer Sourcefire Inc. > Vulnerability Research Team > Stewie: You know, I rather like this God fellow. Very theatrical, > you know. Pestilence here, a plague there. Omnipotence > ...gotta get me some of that. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" maybe somebody should port this: http://chrootssh.sourceforge.net/index.php it seems good :-) -- Sincerely +----------==/\/\==----------+ (__) FreeBSD | DanGer <danger@wilbury.sk> | \\\'',) The | DanGer@IRCnet ICQ261701668 | \/ \ ^ Power | http://danger.rulez.sk | .\._/_) To +----------==\/\/==----------+ Serve _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"