Re: OpenSSHd

From: Andy Bradford (amb-openbsdbradfords.org)
Date: Mon Sep 13 2010 - 11:14:57 CDT


Thus said Pete Vickers on Mon, 13 Sep 2010 16:32:08 +0200:

> rootcontainer ~> tail /etc/ssh/sshd_config
> # all non-wheel users should be chrooted to home and sftp only
> #
> Match Group !wheel
> ForceCommand internal-sftp
> ChrootDirectory /home
> AllowTcpForwarding no
> X11Forwarding no

The first problem is your Match command. The documentation seems to
indicate that the negation character `!' is only to be used in a
pattern-list which is defined as ``a comma-separated list of patterns.''
I suspect that your Match pattern is not working correctly. Try Match
User pete and see if it succeeds as you expect. Probably what you should
do is create a special chroot group and add all the users that you want
to impose this upon to that group.

The second problem is that your ChrootDirectory is not structured
properly. When authentication happens, it will chroot there and then it
will attempt to change directory to the user's home directory; however,
you haven't indicated whether or not you created one:

/home/home/pete

Without this structure, when the chroot happens, the user will be
chroot'ed to /home and then will have to do his own cd to pete and all
user directories will be found in /.

Andy
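
The chroot-then-cd behaviour described in the message above, as an added example that is not part of the original post: it reports where a session starts for a given ChrootDirectory value and passwd home directory. It goes slightly beyond the message by also expanding the %h and %u tokens that ChrootDirectory accepts; the user alice and the fs_root staging prefix are assumptions made for the illustration.

```python
import os
import tempfile


def expand_chroot(template, user, home):
    """Expand the %u, %h and %% tokens that ChrootDirectory accepts."""
    marked = template.replace("%%", "\0")
    return marked.replace("%h", home).replace("%u", user).replace("\0", "%")


def landing_dir(chroot_template, user, home, fs_root="/"):
    """Return (chroot directory, start directory as seen inside the chroot).

    sshd chroots first and then changes to the passwd home directory, which
    is now resolved against the new root. fs_root is a hypothetical staging
    prefix so a layout can be checked without touching the real /home.
    """
    chroot = expand_chroot(chroot_template, user, home)
    real_chroot = os.path.join(fs_root, chroot.lstrip("/"))
    if not os.path.isdir(real_chroot):
        return chroot, None  # chroot target missing: the session cannot start
    home_in_chroot = os.path.join(real_chroot, home.lstrip("/"))
    # If the home directory is absent inside the chroot, the user stays in /.
    return chroot, (home if os.path.isdir(home_in_chroot) else "/")


if __name__ == "__main__":
    # Constructed sample: pete has the nested directory from the message,
    # alice (an invented second user) only has the ordinary /home/alice.
    stage = tempfile.mkdtemp()
    os.makedirs(os.path.join(stage, "home/home/pete"))
    os.makedirs(os.path.join(stage, "home/alice"))
    passwd = [("pete", "/home/pete"), ("alice", "/home/alice")]
    for setting in ("/home", "%h"):
        for user, home in passwd:
            chroot, start = landing_dir(setting, user, home, stage)
            print(f"ChrootDirectory {setting}: {user} -> chroot {chroot}, "
                  f"starts in {start}")
```
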