[wellylug] ssh chroot jail?
Mark Signal
mark at databackup.co.nz
Fri Dec 17 10:25:53 NZDT 2004
Hi
is there an "easy" way to set up a chrooted environment so that all a
ssh user can do is establish a public/private key authenticated session
. (the users have no shell and password authentication is disabled)
All I want the user to be able to do is port forward to a second user
who has connected using the same credentials.
eg user joe connects using user1 at server - R 80:127.0.0.1:80 and user
peter connects using user1 at server - L 80:127.0.0.1:80 and "hay nony no"
peter can see joes web server by pointing his browser to localhost.
As my setup (standard debian) currently stands this all works fine but
the users can potentially port forward to any other user and this is
what I want to prevent.
As a final note my sshd_config file has "UsePAM yes" at the end
I presume this uneccesary if I am using public/private key authentication?
thanks
Mark
More information about the wellylug
mailing list