openssh 5.1

Jonas Genannt

Quicksearch

Personal

Contact

Archives

Categories



All categories

Syndicate This Blog

Thursday, January 29. 2009

openssh 5.1

On Debian lenny openssh 5.1 is shipped. These new version allows some nice security configurations.

add to /etc/ssh/sshd_config:
Match User jonas
AllowTcpForwarding no
X11Forwarding no
ChrootDirectory /home
ForceCommand internal-sftp

This will chroot the user jonas to /home. The user jonas could only use sftp, no interactive shell is permitted. Also the user could not run ssh foo@bar 'cat /proc/cpu'.

Warning: The ChrootDirectory have to be root owned!

For all WinSCP users:
-> disable SCP-Callback

For all Linux sftp users:
-> sftp -s /usr/lib/openssh/sftp-server foo@bar.com
Posted by Jonas Genannt in useful stuff at 20:51 | Comment (1) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Absolutly cool - thanks for this hint!
#1 Mike on 2009-01-29 22:11 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA