In addition to chrooting services/daemons, one can also chroot users! This is not really practical for a system on which users require access to a variety of installed applications, but is ideal for a secure gateway machine — which is open to the world and used as a stepping stone into less open systems.
here.
Quite a bit of work...
http://security.linux.com/security/07/04/11/211209.shtml?tid=129&tid=35
http://sourceforge.net/projects/pam-chroot
ChrootSSH is an excellent alternative to attempting to chroot OpenSSH; it's much less work. Software and documentation are available from chrootssh.sourceforge.net.
After downloading, compiling, installing and starting ChrootSSH, set up your users' home directories in, say, /chroot/home/<username> and add corresponding entries to /etc/passwd:
    henrietta:x:1001:100::/chroot/./home/henrietta:/bin/bash
    #
    # ...notice the "." in the home-dir path...

When henrietta logs in, she will have /chroot/home/henrietta as home directory and be restricted to /chroot on the system — seeing /chroot as /.
Key-authentication can be used with ChrootSSH in the normal way — but remember to install keys in /chroot/home/<username>/.ssh/, not in /home/<username>/.ssh!
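The "." convention and the key location described above can be checked mechanically. The following is an added example, not part of ChrootSSH or of the original page: it splits each passwd home field at the "/./" marker and reports the jail root, the home as seen inside the jail, and where keys must live on the real filesystem. The sample entries are constructed, and the authorized_keys file name is an assumption (the page names only the .ssh directory).

```python
"""Audit passwd entries for the ChrootSSH "/./" home-directory marker."""
from pathlib import PurePosixPath

MARKER = "/./"

# Constructed sample entries (not from a real system).
SAMPLE_PASSWD = """\
henrietta:x:1001:100::/chroot/./home/henrietta:/bin/bash
gordon:x:1002:100::/home/gordon:/bin/bash
# comment line
broken:x:1003
"""


def split_home(home):
    """Return (chroot_root, home_inside_jail), or None if there is no marker."""
    if MARKER not in home:
        return None
    root, inside = home.split(MARKER, 1)
    return root or "/", "/" + inside.lstrip("/")


def audit(passwd_text):
    """Yield one dict per well-formed entry describing its jail layout."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed lines
        user, home = fields[0], fields[5]
        parts = split_home(home)
        if parts is None:
            # No marker: this account would log in unjailed.
            yield {"user": user, "jailed": False, "root": None,
                   "jail_home": None, "keys": None}
            continue
        root, inside = parts
        real_home = PurePosixPath(root) / inside.lstrip("/")
        # Assumed file name: authorized_keys under the .ssh directory.
        yield {"user": user, "jailed": True, "root": root,
               "jail_home": inside,
               "keys": str(real_home / ".ssh" / "authorized_keys")}


if __name__ == "__main__":
    for entry in audit(SAMPLE_PASSWD):
        print(entry)
```

On a gateway machine, any account reported with jailed set to False is one whose passwd entry lacks the marker and so would not be confined to /chroot.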