restrict SSH access of non-admin accounts.

5 posts / 0 new
Last post
#1 Mon, 11/23/2009 - 04:43
Daworm

restrict SSH access of non-admin accounts.

I just tested the SSH login of an account that should not have ssh access outside the /home/ directory. However, it appears it does. I cannot access the other Virtual Server directory but I can access everything including /etc/webmin/ and so on.

I ... feel this is largely insecure While I cannot view the contents of said files. I certainly don't want to allow access to other directories. What do I need to do to restrict this?

Mon, 11/23/2009 - 10:41
andreychek

That's unfortunately not possible (or at least, simple) to setup:

https://www.virtualmin.com/node/12308

What your users are seeing is allowed by the typical UNIX/Linux permissions. You can always change the permissions on files/dirs you don't want them to be able to see.

Barring that, you might just need to prevent SSH access altogether for some users.

-Eric

Mon, 11/23/2009 - 15:07
Daworm

Troublesome, but not impossible.

Would be nice if the feature is inherently set by default to jail you to your /home/ directory...

Mon, 11/23/2009 - 15:36
Daworm

Doesn't look so hard to do..

http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-s...

/me configures.

EDIT: This will at least allow SCP / SFTP without SSH access (I wonder if I can include jailed SSH access?) either way.

Win for me... :)

Mon, 11/23/2009 - 16:34
Daworm

Actually... I would highly recommend the above. Gives users on your server access to SCP / SFTP without having to setup SSL for FTP.

But does not allow SSH login! Tested and works beautifully!

Topic locked