LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 05-28-2009, 10:35 AM   #1
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Rep: Reputation: 30
openssh sftp chrooting all users


Is there anyway to chroot all users to their home directories by default (for sftp sessions)?

That would be a good start. It might also be convenient for me to be able to exempt a few select users.

All the info I can see is for chrooting a specific user or group to a specific directory (rather than all users to a variable directory such as the users home).
 
Old 05-30-2009, 04:06 AM   #2
oʌǝɹ
LQ Newbie
 
Registered: May 2009
Posts: 12

Rep: Reputation: 1
Did you try:

Match User *
ChrootDirectory /home
[..]


And maybe to exempt some:

Match User '*,!bob,!jim'
ChrootDirectory /home
[..]

Not sure about "ChrootDirectory /home", try also:
"ChrootDirectory /home/%u"
"ChrootDirectory %h" <-- prefered for home not in /home

Looking at the manpage of sshd_config and ssh_config, it looks like it should work.

Last edited by oʌǝɹ; 05-30-2009 at 04:14 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SFTP with Chrooting and without SSH and SCP toraghun Linux - Security 1 07-10-2006 05:11 AM
Remote backup server: vsftpd/SSL or openssh/sftp or... ? krog Linux - Security 3 04-24-2006 11:50 PM
Chrooting ssh/sftp users. OneEye Linux - General 1 03-22-2006 07:09 PM
dont want sftp on OpenSSH e1000 Linux - Software 3 12-08-2004 12:47 PM
Concepts/Security types/ Setup: OpenSSH/sshd/ssh/scp/sftp Caud Pong Linux - Security 5 09-23-2004 06:51 AM


All times are GMT -5. The time now is 04:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration