SSH jail

From Helpful
Revision as of 17:22, 28 January 2011 by Helpful (talk | contribs)
This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.


I like to give partial access to some people. However, without a user account there's little you can do securely over the net (other than, e.g., sharing Samba over a VPN, which is fairly easy with Hamachi), and with a user account you have read access all over the place through the group and other permission bits. It's true that you can lock down many things, but that may be more bothersome than the alternatives.


scp jail

If you only want to isolate file copying, you can use scponly/scpjailer or rssh. The idea here is to set up a jail, but not give you an actual shell to interact with. You can only use scp and sftp, and then only inside the given jail.

This is a single account that has its own jail, so you can hand out this password to people and use it as an isolated file exchange, safe from nosy people.


Setting up a chroot jail for (SSH) logins

If you want an actual login, the idea seems to be to wrap your shell in a script that jails said shell. This way you get authentication as usual, but when your actual shell starts, the jail applies.
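
One way to write such a wrapper, as an added example that is not from the original notes: the script is set as the account's login shell, checks that the jail root cannot be modified by the jailed user, and only then chroots. The jail path /srv/jail, the script name jailsh, the chroot location /usr/sbin/chroot and a sudoers rule letting the account run that chroot command without a password are all assumptions.

```shell
#!/bin/sh
# jailsh (hypothetical name): login-shell wrapper that jails the real shell.
# Install it as the user's shell, e.g. via chsh or /etc/passwd.

JAIL_ROOT="${JAIL_ROOT:-/srv/jail}"   # assumed jail location
JAIL_OWNER="${JAIL_OWNER:-0}"         # uid that must own the jail root (root)

# Return 0 only if the directory is usable as a jail root.
# A jail root the jailed user can modify is not a boundary.
jail_dir_ok() {
    d=$1
    # Must be a real directory, not a symlink that could be re-pointed.
    [ -d "$d" ] && [ ! -L "$d" ] || return 1
    # Must belong to the expected owner.
    [ -n "$(find "$d" -prune -user "$JAIL_OWNER" -print 2>/dev/null)" ] || return 1
    # Must not be writable by group or other.
    [ -z "$(find "$d" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

enter_jail() {
    jail_dir_ok "$JAIL_ROOT" || { echo "jail check failed: $JAIL_ROOT" >&2; exit 1; }
    # sudo supplies the root privilege chroot needs; --userspec (GNU coreutils)
    # drops back to the calling uid:gid before the inner shell starts.
    # "$@" passes through "-c command" as sshd supplies it for remote commands.
    exec sudo -n /usr/sbin/chroot --userspec="$(id -u):$(id -g)" \
        "$JAIL_ROOT" /bin/sh "$@"
}

# Only enter the jail when invoked under the wrapper's own name, so the
# functions above can be sourced and checked without side effects.
case "${0##*/}" in
    jailsh|-jailsh) enter_jail "$@" ;;
esac
```

The jail itself still needs a /bin/sh and whatever libraries it uses copied in under the jail root.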

See also chroot