howto chroot ssh ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



... for a single user.
I must only allow the download/upload files with scp or sftp-server.

Now I use this script (*) in the shell command of user, but I not know
howto chroot the sftp-server command ....

Some suggest?

Many thanks

(*)

[lesca@lesca ssh-chroot]$ cat onlyscp.sh
#!/bin/bash
 
#Shell for allow only scp <d${DOT}lesca${AT}solinos.it>
#useradd -s /usr/local/bin/onlyscp.sh scpuser
 
#echo "par: $1|$2|$3|$4|$5" > /dev/pts/0 2>&1
 
CHROOT=/var/tmp
 
DOWNL=yes
UPLOAD=yes
SFTP=no
 
SCP_CMD="echo /usr/bin/scp"
SFTP_CMD="echo /usr/libexec/openssh/sftp-server"
 
# If exist ...
test -f /etc/onlyscp.conf && source /etc/onlyscp.conf
 
cd $CHROOT
 
case "$DOWNL:$UPLOAD:$SFTP:$@" in
yes:*:*:-c\ scp\ -f\ *)
        f=$(echo "$@"|sed -e 's|^-c scp -f ||')
        f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
        eval "$SCP_CMD -f $f"
;;
*:yes:*:-c\ scp\ -t\ *)
        f=$(echo "$@"|sed -e 's|^-c scp -t ||')
        f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
        eval "$SCP_CMD -t $f"
;;
*:*:yes:-c\ */sftp-server)
        eval "$SFTP_CMD"
;;
-c\ ls*)
        (find * -type f |xargs ls -lad) 1>&2
;;
*)
        (
        echo "Operazione Non Supportata"
        echo "Comandi ammessi: scp from & to + ls"
 
        sleep 2
        echo -e "Premi un tasto x uscire\c"
        )1>&2
        read -t 3 a
 
        exit 3
;;
esac

exit 0

----[cut]-----
-- 
Dario Lesca <d.lesca@xxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux