+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: SSH access for user (/thread-1025.html)
RE: SSH access for user - rbtux - 07-23-2007 11:48 PM
Zothos Wrote:Normaly all servers accept a strg + alt + entf by default..... And thats only the minor things which can happen.
every nearly responsible system administrator turns this off the first thing after the installation :-)
RE: SSH access for user - raphael - 07-24-2007 03:07 AM
Zothos Wrote:Normaly all servers accept a strg + alt + entf by default..... And thats only the minor things which can happen.I completely agree with rbtux's statement
and for setting a password check man passwd (/usr/bin/passwd)
RE: SSH access for user - Zothos - 07-24-2007 06:30 AM
it was just an example
RE: SSH access for user - blocker - 07-24-2007 05:14 PM
how about user can have a ssh daemon in jail ? so in that way user can ssh to his own account, is this possible ?
RE: SSH access for user - BeNe - 07-24-2007 06:24 PM
In Jail ?
I only know about it in FreeBSD...donĀ“t know if this works on Debian or something else.
Greez BeNe
RE: SSH access for user - rbtux - 07-24-2007 07:08 PM
yes it works, but you need a to write a chroot skript which includes all the commands you'll need in th jail... it's a little complicated^^
RE: SSH access for user - rbtux - 07-24-2007 07:09 PM
maybe something like this skript may help...
http://de.gentoo-wiki.com/SSH_Login_ins_Chroot
RE: SSH access for user - ephigenie - 07-24-2007 08:00 PM
yeah or just scponly access ?
http://www.isp-control.net/ispcp/wiki/chroot_wrapper_skript
http://www.isp-control.net/ispcp/wiki/scponly_chroot
In upcoming releases we need a full chroot environment - to use sbox or similar wrapper to chroot cgi and if we're going to chroot the fastcgi as well its one more cause for a good chroot - creation script.
So if we've that chroot env already there - it should be easy to allow ssh logins into it, too. There are wrapper scripts as shell replacements which can be put into the /etc/passwd and eval the path of the current user if there's something like that /var/www/virtual/./<domain>.<tld>/ the user will get chrooted to /domain.tld/
RE: SSH access for user - achioo - 07-25-2007 03:24 AM
How do we use the wrapper to restrict our users to their directory?
RE: SSH access for user - Lonesome Walker - 07-25-2007 04:11 AM
Um well...
The idea of a shell account...
I don't want to be rude, but:
Only script kiddies need one.
Other companies/users will have their own server.
Have a look at PLESK, then you can see how this works.
Personally i don't like this option, because one bug in this shell replacement, and the whole server is busted.
But this is just the opinion of a pen-tester...