Restrict SSH users: limit them to their own directory
Q I want to set up my SUSE 10.2 system to allow users to connect to my OpenSSH service. I can see any folder on the system when I connect (even as a regular user). How can I have it restrict users so that they can only see folders within the home folder that I assign to them when I create their user account? Is it possible to restrict certain users to just SFTP or SCP functions?
A An SSH login is virtually the same as a local login, apart from the fact that it operates through an encrypted tunnel. So a user has the same rights when they are logged in via SSH as they would when sitting in front of your computer. This normally means they can read system directories - otherwise they wouldn't be able to run any programs - but not modify them. It is possible to set up a system to chroot a user to their home directory on login, but this is a far from trivial task. If you want to try this, I suggest you look at Jailkit (http://olivier.sessink.nl/jailkit), a set of utilities which will make this task somewhat easier. Jailkit can also be used to restrict users to SFTP or SCP connections only, but there is a simpler alternative if this restriction is all you need. Scponly (http://sublimation.org/scponly) is a replacement shell program that refuses shell logins but allows SFTP and SCP connections.
The simplest way to run this is to set the user's shell to scponly in /etc/passwd. This will prevent shell logins, but will still allow them to traverse the filesystem according to the permissions of the various directories and files. There is also a chroot option for scponly, but this also adds a level of complexity - you may be better off with Jailkit if you want this. The difficulty of setting up a chroot login is that you must provide all the files the user needs to do whatever they need, including running programs, within their home directory, without providing anything they don't need that you don't want them to see. Programs like Jailkit work very well for this when used for a specific purpose - such as chrooting a server - but not so well for interactive logins. Depending on your security needs, in a majority of cases it is probably better to keep your system secure at the local level, by ensuring that non-administrative users cannot read system- critical files, then this security will automatically apply to any SSH, SFTP or SCP connections.
Follow us on Identi.ca or Twitter