On Thu, Jan 13, 2005 at 05:43:47PM -0800, vvi tech wrote:
> Hey guys I really have made use of the ftpchroot file in /etc but I wonder
> why is there no equivalent of that for ssh and telnet accounts? Basically
> simply limiting traversing the file system to specific shell users root.

It's a vastly different problem. With ftp, all you need to do is keep
the daemon and possibly a few external programs working. With ssh or
telnet, there's little point unless you can keep a set of applications
working. There are chroot patches for ssh available. Alternatively, you
can use jail(8) to separate processes from each other.

One (Debian-specific) writeup on chrooted ssh:
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4