[PLUG] setting up SSH to chr[o]ot to user homeDir

Auke Kok sofar at foo-projects.org
Fri Jul 21 14:37:45 UTC 2006


Josh Orchard wrote:
> Hello all,
> 
> Been looking about the wonderful web and reading about how I could 
> achieve this but all that I've found makes it sound like I need to set up 
> yet another customer product of sorts.  So...
> 
> Is there a way that I can configure SSHD to allow clients to log in but 
> be chrooted to their home directory?
> FTP does this well and I would like to have it do the same for SSHD.  
> I'm actually surprised this isn't a configuration option on OpenSSH as 
> it would make sense that you would want to allow certain shell access 
> but not allow all people to go about browsing your entire server.
> So, is this possible?  Do I need some sort of custom SSH or is there 
> another program I can use to give secure Shell access?

TINST

As Kenneth already explained, this is very much a nightmare to set up, and FTP 
can do it since the user only needs 1 executable (ftpd) running on the server 
after login, so that executable itself can chroot at startup.

If you really want to permit users to log in but not see something outside of 
their home directories, then you should investigate more secure ways (chroots 
can be busted, yes even with grsecurity) such as UML or providing a fully 
chrooted install with sshd running already in it.

If you're only looking into offering limited functionality (e.g. sftp-server) 
you might also want to see if you can get around it by just allowing the user 
to run only one type of connection that way.

Cheers,

Auke
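
The single-connection-type restriction suggested in the reply above, as an added example that is not part of the original post or of OpenSSH: a forced-command wrapper that runs sftp-server and refuses everything else. The install path /usr/local/bin/sftp-only, the user name, the sftp-server location and the expected SSH_ORIGINAL_COMMAND values are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper that allows SFTP and nothing else.
# Hypothetical install path: /usr/local/bin/sftp-only
#
# Wiring (sshd_config, OpenSSH 4.4 or later; "alice" is a placeholder):
#   Match User alice
#       ForceCommand /usr/local/bin/sftp-only
#       AllowTcpForwarding no
#       X11Forwarding no

# Assumed location of sftp-server; it differs between distributions.
SFTP_SERVER="${SFTP_SERVER:-/usr/lib/openssh/sftp-server}"

# classify_request REQUEST: print "sftp" or "deny".
# REQUEST is what the client asked for, which sshd passes to a forced
# command in SSH_ORIGINAL_COMMAND (empty for an interactive login).
# Assumption: an sftp subsystem request shows up as the configured
# subsystem command, i.e. the sftp-server path or "internal-sftp".
classify_request() {
    case "$1" in
        "$SFTP_SERVER"|internal-sftp) echo sftp ;;
        *) echo deny ;;
    esac
}

handle_session() {
    if [ "$(classify_request "${SSH_ORIGINAL_COMMAND:-}")" = sftp ]; then
        # Run the fixed binary only; nothing from the client reaches argv.
        exec "$SFTP_SERVER"
    fi
    # Record the refusal so shell or exec attempts show up in syslog.
    logger -t sftp-only "denied user=${USER:-?} request=${SSH_ORIGINAL_COMMAND:-<shell>}" \
        2>/dev/null || true
    echo "This account is restricted to SFTP." >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session; do nothing outside one.
if [ -n "${SSH_CONNECTION:-}" ]; then
    handle_session
fi
```

This limits what the account can run, not what it can read: sftp-server still exposes every path the user's file permissions allow, so it is not a chroot. If the wrapper is set through `command=` in authorized_keys instead of sshd_config, that file must not be writable by the restricted user.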


