Is the above possible, i.e. to limit the access of certain user accounts to specific directories only when accessing via SSH?
Thanks,
J.
wheel
6:19 pm on Mar 20, 2005 (gmt 0)
I think you should start looking into directory permissions first (before looking for an ssh conf file setting). Failing that - though I think that would work - iptables can probably accomplish this as well.
sitz
1:24 am on Mar 21, 2005 (gmt 0)
iptables will be useless in this regard; its sole job is to limit/grant access to things based on where the request comes from on the network (and other networky things). Limiting access to certain directories does not fall under this umbrella. Indeed, even if it theoretically could, I'm not aware of any way to let iptables see the contents of packets traversing an ssh (read: strongly encrypted) link. Limiting access to areas of a filesystem is the job of, well, the filesystem. =)
NickCoons
6:45 am on Mar 26, 2005 (gmt 0)
You could have multiple instances of sshd running, each listening on its own port, with each configured to authenticate its own group of users, and each daemon running in an appropriate chroot jail. This is just theoretical, but it may be worth a shot.
But still.. I agree that it's the filesystem's job to handle this: set proper permissions :-).
MattyMoose
4:44 pm on Apr 4, 2005 (gmt 0)
The best bet would probably be building a chroot environment for each user.
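The directory-permission approach several replies above recommend can be audited before an account is given SSH access. The script below is an added example, not code posted by anyone in this thread; it evaluates classic owner/group/other mode bits only (no ACLs, no root override), must be run by someone who can read the tree, and its function names are made up for illustration.

```python
import os
import stat
import sys

def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to the account for this inode.

    Exactly one class is used: owner, else group, else other. There is no
    fall-through, so an owner with mode 0o077 is denied. uid 0 is not modelled.
    """
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def reachable_dirs(root, uid, gids):
    """Map every directory under root that the account can enter to 'rwx' flags.

    A directory counts as reachable only if each directory above it, from
    root downwards, grants search (x). Directories above root are assumed
    to be traversable. Symlinks are not followed.
    """
    result = {}
    stack = [root]
    while stack:
        path = stack.pop()
        st = os.lstat(path)
        if not stat.S_ISDIR(st.st_mode):
            continue
        bits = class_bits(st, uid, gids)
        if not bits & 1:
            continue  # no search bit: the whole subtree is closed to the account
        result[path] = "".join(
            c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))
        with os.scandir(path) as entries:
            stack.extend(e.path for e in entries
                         if e.is_dir(follow_symlinks=False))
    return result

if __name__ == "__main__":
    # usage: audit.py ROOT UID GID[,GID...]
    root, uid, gid_list = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    gids = {int(g) for g in gid_list.split(",")}
    for path, flags in sorted(reachable_dirs(root, uid, gids).items()):
        print(flags, path)
```

Any directory in the output that the account should not see needs its mode or group changed; a `w` flag on a directory also means the account can create and delete entries there.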