SSH user for domain.tld

[sci2tech]

(09-07-2009 09:51 PM)kilburn Wrote:  -) nearly unusable though a shell : if each chroot has just the minimal set of binaries accessible.

But configurable . And using hard links
Another idea is Busybox that do a great job with this.

[koko92_national]

Hard links are not so offently used by administrators (I think).

[sseitz]

I've recently introduced some proof-of-concept howto and a suggestion on how to implement SSH. Please see: http://www.isp-control.net/forum/thread-7948.html

Hopefully some ispCP developer reads this

[koko92_national]

(09-24-2009 12:02 AM)sseitz Wrote:  I've recently introduced some proof-of-concept howto and a suggestion on how to implement SSH. Please see: http://www.isp-control.net/forum/thread-7948.html

Hopefully some ispCP developer reads this

Great!

[sci2tech]

It is close to what I have in mind

[kassah]

I would actually be down with just a normal shell as the right user as long as admin/reseller can turn it on and off. Security will only be as good as it's weakest point, which generally is PHP.

[frustro]

(09-07-2009 09:51 PM)kilburn Wrote:  

Quote:If he limits it by username and group name I think it will be all right.

I'm speaking about the chroot concept, not about which permissions should you use. AFAIK chroots are either:
-) insecure : if there is a work-around to allow running binaries from outside the chroot
-) nearly unusable though a shell : if each chroot has just the minimal set of binaries accessible.
-) highly overloaded : if a complete copy/mount --bind/something like this is used so that chroot users have access to all binaries.

It has nothing to do about who you let access the chroot, but how you let him run the binaries.

Bump for jailshell users.

[jeab101]

Oh. I'm Plans is same.