[ale] Need wacky chroot setup help

James Sumners james.sumners at gmail.com
Fri Aug 21 15:37:23 EDT 2015


Just stumbled across this -- http://mysecureshell.readthedocs.org/en/latest/

It's a bigger hammer than I want to use for the scenario in this thread,
but it looks like a interesting tool for other locked down SSH situations.

On Fri, Aug 21, 2015 at 12:23 PM, James Sumners <james.sumners at gmail.com>
wrote:

>
> On Fri, Aug 21, 2015 at 10:01 AM, DJ-Pfulio <djpfulio at jdpfu.com> wrote:
>
>> Just riffing here ... "bind mount" from ~T1000/dept-fun-times/ to their
>> own area?
>
>
> I think that's going to work.
>
> 1) Create `/home/t1000/dept-fun-times/`
> 2) Create `/opt/container/dept-fun-times/output` (and give t1000 group
> +rwx)
> 3) Bind `/opt/container/dept-fun-times` to `/home/t1000/dept-fun-times`
> 4) Set `Subsystem sftp internal-sftp` in sshd_config
> 5) Create match rule in sshd_config to chroot those users to
> `/opt/container/dept-fun-times`
> 6) Win
>
> Thank you for the (relatively) simple solution.
>
> --
> James Sumners
> http://james.sumners.info/ (technical profile)
> http://jrfom.com/ (personal site)
> http://haplo.bandcamp.com/ (band page)
>



-- 
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (band page)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150821/fc0535f5/attachment.html>


More information about the Ale mailing list