Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Apropos / Subsearch:
optional field

ssh-chrootmgr(1)					     ssh-chrootmgr(1)


  ssh-chrootmgr	- Sets up chroot-ready environment for users


  ssh-chrootmgr	[-h | -? | --help] [-n]	[-q] [-v] [username]


  -h, -?, or --help
      Displays help.

  -n  Displays what would happen, without executing the	command. This is par-
      ticularly	useful with the	-v option.

  -q  Quiet mode. Displays errors only.

  -v  Displays verbose information.


  You use the ssh-chrootmgr command when you want the sshd daemon and the
  sftp-server to enforce use of	the ChRootUsers	or ChRootGroups	keywords in
  the sshd2_config file. Using the ChRoot{Users,Groups}	keywords allows	you
  to restrict users to their home directory. This requires, however, that you
  use static builds (i.e., no shared libraries)	of ssh-dummy-shell and sftp-

  The ssh-chrootmgr command tries to identify the user's home directory	from
  the /etc/passwd file.	You can	supply more than one username, in which	case
  all these accounts are processed. The	ssh-chrootmgr command creates a	bin
  directory if it does not exist under the user's home directory, and copies
  the static binaries of ssh-dummy-shell and sftp-server2 into this direc-
  tory.	It also	creates	a symbolic link, sftp-server, in that directory	to
  point	to the sftp-server2 binary.

  After	you enter the ssh-chrootmgr command, take the following	steps:

   1.  Add the user names to the ChRootUsers keyword and group names to	the
       ChRootGroups keyword in the sshd2_config	file.

   2.  Change the users' shell to /bin/ssh-dummy-shell in the /etc/passwd
       file. After the chroot operation, the /bin directory is the bin direc-
       tory in the user's home directory, from the user's perspective.


  SSH is a registered trademark	of SSH Communication Security Ltd.


  Commands: ssh2(1) sshd2(8)

  Files: sshd2_config(4)