Dear all I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. Does anybody have a link or list valid for Centos7 Thanks Regards Adrian
> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. > Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... > Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. > > Does anybody have a link or list valid for Centos7 >Can?t you use SFTP? AFAIK, sftp automatically chroots a user with no valid shell (provided the home directory is owned by root and not writeable by the user and you use Subsystem internal-sftp).
-----"CentOS" <centos-bounces at centos.org> wrote: -----To: CentOS mailing list <centos at centos.org> From: Rainer Duffner Sent by: "CentOS" Date: 10/20/2017 08:00PM Subject: Re: [CentOS] scp setup jailed chroot on Centos7> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. > Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... > Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. > > Does anybody have a link or list valid for Centos7 >Can’t you use SFTP? AFAIK, sftp automatically chroots a user with no valid shell (provided the home directory is owned by root and not writeable by the user and you use Subsystem internal-sftp). _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos https://github.com/mysecureshell/mysecureshell
-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. > Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... > Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. > > Does anybody have a link or list valid for Centos7 >Can?t you use SFTP? AFAIK, sftp automatically chroots a user with no valid shell (provided the home directory is owned by root and not writeable by the user and you use Subsystem internal-sftp). Hi Rainer I would if I could but external offers only FTP and SCP... Regards Adrian _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos
-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of tbuchanan at vinu.edu Sent: Samstag, 21. Oktober 2017 02:14 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 -----"CentOS" <centos-bounces at centos.org> wrote: -----To: CentOS mailing list <centos at centos.org> From: Rainer Duffner Sent by: "CentOS" Date: 10/20/2017 08:00PM Subject: Re: [CentOS] scp setup jailed chroot on Centos7> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a jailed chroot directory for user which needs to upload via scp to the server. > Especially I miss clear instructions about what needs to be in the jailed directory available, like binaries, libraries, etc... > Without jail I get it to work, but I want to prevent user downloading for example /etc folder from the server. > > Does anybody have a link or list valid for Centos7 >Can’t you use SFTP? AFAIK, sftp automatically chroots a user with no valid shell (provided the home directory is owned by root and not writeable by the user and you use Subsystem internal-sftp). _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos https://github.com/mysecureshell/mysecureshell _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos Thanks for this. Didn't know about it. And setup is pretty straight forward. The repo for Centos6 works with 7 too. [mysecureshell] name=MySecureShell baseurl=http://mysecureshell.free.fr/repository/index.php/centos/6.4/ enabled=1 gpgcheck=0 regards Adrian