ssh-chrootmgr(1)
ssh-chrootmgr - Sets up chroot-ready environment for users

ssh-chrootmgr [-h | -? | --help] [-n] [-q] [-v] [username]

-h, -?, --help
    Displays help.
-n  Displays what would happen, without executing the command.
    This is particularly useful with the -v option.
-q  Quiet mode. Displays errors only.
-v  Displays verbose information.

You use the ssh-chrootmgr command when you want the sshd
daemon and the sftp-server to enforce use of the ChRootUsers
or ChRootGroups keywords in the sshd2_config file.

Using the ChRoot{Users,Groups} keywords allows you to
restrict users to their home directory. This requires,
however, that you use static builds (i.e., no shared
libraries) of ssh-dummy-shell and sftp-server.

The ssh-chrootmgr command tries to identify the user's
home directory from the /etc/passwd file. You can supply
more than one username, in which case all these accounts
are processed. The ssh-chrootmgr command creates a bin
directory if it does not exist under the user's home
directory, and copies the static binaries of ssh-dummy-shell
and sftp-server2 into this directory. It also creates
a symbolic link, sftp-server, in that directory to
point to the sftp-server2 binary.

After you enter the ssh-chrootmgr command, take the following
steps:

1. Add the user names to the ChRootUsers keyword and group
   names to the ChRootGroups keyword in the sshd2_config file.
2. Change the users' shell to /bin/ssh-dummy-shell in the
   /etc/passwd file.

After the chroot operation, the /bin directory is the bin
directory in the user's home directory, from the user's
perspective.
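
The following script is an added example, not part of the original man page or the product. It audits that each named user has the bin directory contents, login shell and ChRootUsers entry described above. Assumptions: sshd2_config is at /etc/ssh2/sshd2_config, ChRootUsers takes a comma-separated list of exact user names, ChRootGroups is not evaluated, and all function and variable names are illustrative.

```shell
#!/bin/sh
# Added example (not from the man page): audit what ssh-chrootmgr sets up.
# Assumption: default sshd2_config path; override both files via environment.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
SSHD2_CONFIG=${SSHD2_CONFIG:-/etc/ssh2/sshd2_config}

# Print field N of USER's passwd entry (6 = home directory, 7 = shell).
passwd_field() {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }' "$PASSWD_FILE"
}

# Succeed if USER is named in a ChRootUsers line (assumed comma-separated).
in_chrootusers() {
    awk -v u="$1" 'tolower($1) == "chrootusers" {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/[ \t]+$/, "")
            n = split($0, a, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (a[i] == u) found = 1
        }
        END { exit !found }' "$SSHD2_CONFIG"
}

# Print each deviation for USER; return 0 only if the setup is complete.
audit_chroot_user() {
    user=$1; rc=0
    home=$(passwd_field "$user" 6)
    [ -n "$home" ] || { echo "$user: no entry in $PASSWD_FILE"; return 2; }
    for f in ssh-dummy-shell sftp-server2; do
        [ -f "$home/bin/$f" ] && [ -x "$home/bin/$f" ] ||
            { echo "$user: $home/bin/$f missing or not executable"; rc=1; }
    done
    [ -L "$home/bin/sftp-server" ] &&
        [ "$home/bin/sftp-server" -ef "$home/bin/sftp-server2" ] ||
        { echo "$user: bin/sftp-server does not link to sftp-server2"; rc=1; }
    shell=$(passwd_field "$user" 7)
    [ "$shell" = /bin/ssh-dummy-shell ] ||
        { echo "$user: shell is '$shell', not /bin/ssh-dummy-shell"; rc=1; }
    in_chrootusers "$user" ||
        { echo "$user: not listed under ChRootUsers in $SSHD2_CONFIG"; rc=1; }
    return $rc
}

# Audit every username given on the command line.
for u in "$@"; do audit_chroot_user "$u"; done
```

Run it with one or more user names as arguments; a user who is restricted only through ChRootGroups is reported as not listed and has to be checked by hand.
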
SSH is a registered trademark of SSH Communication Security
Ltd.
Commands: ssh2(1) sshd2(8)
Files: sshd2_config(4)