From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-user+bounces-59449-garchives=archives.gentoo.org@gentoo.org>)
	id 1HDBrR-0000SD-Ao
	for garchives@archives.gentoo.org; Sat, 03 Feb 2007 03:46:45 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.8/8.13.8) with SMTP id l133jVD6023827;
	Sat, 3 Feb 2007 03:45:31 GMT
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191])
	by robin.gentoo.org (8.13.8/8.13.8) with ESMTP id l133fO9i017750
	for <gentoo-user@lists.gentoo.org>; Sat, 3 Feb 2007 03:41:24 GMT
Received: by nf-out-0910.google.com with SMTP id c31so2678452nfb
        for <gentoo-user@lists.gentoo.org>; Fri, 02 Feb 2007 19:41:24 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=Cf19bZQi3Se8IpY1upe1XXU7lPQoJqqVvYB7fwq1rpSJeFtfa+4if1r9BpMJ9cXuxL9BNoaxBbcCRvt738AgMIeR28AFVe+lgyxVfxe8VJmV+861VW9CyEP3PSEfK8ZBOCtugmbknnntUXijCOy9XkKnN1mbVgcOEelBkbFMhIM=
Received: by 10.82.188.15 with SMTP id l15mr1480023buf.1170474083817;
        Fri, 02 Feb 2007 19:41:23 -0800 (PST)
Received: by 10.82.186.18 with HTTP; Fri, 2 Feb 2007 19:41:23 -0800 (PST)
Message-ID: <976cb44f0702021941j6de6da69u8888349287eda82@mail.gmail.com>
Date: Fri, 2 Feb 2007 22:41:23 -0500
From: "Greg Bur" <greg.bur@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] scp login but confine the user to his home directory?
In-Reply-To: <5bdc1c8b0702021913k6fd4f260m7932da2a6293bca4@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <5bdc1c8b0702021913k6fd4f260m7932da2a6293bca4@mail.gmail.com>
X-Archives-Salt: fdd9af5d-9cb0-4ea8-b1a8-ca371ab38e07
X-Archives-Hash: c58e2cccdc7bfe149ad7618121610246

On 2/2/07, Mark Knecht <markknecht@gmail.com> wrote:
> Hi,
>    I'm wondering if it is possible and/or advisable to set up an
> account where a user can scp files in and out of his home directory
> using scp but if he logs into the machine using ssh he cannot go
> anywhere outside of his home directory?
>
>    How would I set something like this up?

Mark,

Rebuild openssh with the chroot USE flag enabled and then have a look
at the following HOWTO:

http://www.howtoforge.com/chrooted_ssh_howto_debian

It's a bit of work to set up but it works well.  We have a similar
setup at work for our shared hosting customers.

Regards,

Greg
-- 
gentoo-user@gentoo.org mailing list