Keep SSH users in their home directories

11 December 2009 Software, VPS & Dedicated, Web Hosting Leave a comment 1,277 Views

OpenSSH stuff
Since 2008, OpenSSH now has a feature that allows Linux system administrators to keep web hosting clients and other users out of system directories like /etc /bin /var, and others. In the past, admins had to rely on other packages, such as rssh.

The process is called chroot, which essentially creates a virtual file system within the larger Linux file system, limiting individual users to their own small section of the server. They might have an /etc directory, but it will a special one only for that user and not the same as the larger system’s /etc directory. Now, OpenSSH has a configuration option called ChrootDirectory.Now, OpenSSH has a configuration option called ChrootDirectory.

In /etc/ssh/sshd_config :

You need to configure OpenSSH to use its internal SFTP subsystem.
Subsystem sftp internal-sftp
Then, I configured chroot()ing in a match rule.
Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp

Read the rest at the Debian Administration website. You can also read the configuration manual simply by typing man sshd_config from the command line.

Source: Debian Administration
Photo: Flickr

Internetblog.org.uk Web hosting, Domain names, Dedicated servers

Keep SSH users in their home directories

Related Articles

Check Also

Importance of web hosting to business

Facebook: a success after another

Importance of web hosting to business

Website Builder

Professional Data Centres In The UK

How to choose the right website builder and site maker

.XXX a waste of time according to porn industry

Micro-blogging on your own domain with StatusNet

How to restart Apache in Mac OS X Server

Comcast's typosquatting is a "service"

What is directory listing?