[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] jail all users by default
From: |
Olivier Sessink |
Subject: |
Re: [Jailkit-users] jail all users by default |
Date: |
Fri, 22 May 2009 16:08:23 +0200 |
User-agent: |
Thunderbird 2.0.0.21 (X11/20090318) |
Alex wrote:
> What I would like to do is basically create an “SSH proxy” and Jailkit
> looks very promising at doing this except I do not want to manage users
> on the system.
>
>
>
> Could I for instance have users authenticate with pam (which is in use
> now to centrally manage users) and then be placed in a default jail
> which they would only be able to SSH out of or what ever other service
> that I would allow.
>
>
>
> Currently a user authenticates they are given a default shell
> /usr/bin/ksh and a home directory on a NFS /nfs/home/<user>. I would
> like the user to be jailed by default.
You mean a SSH proxy like
http://olivier.sessink.nl/jailkit/howtos_ssh_only.html ?
There are several things you could use.
If the users shell is jk_chrootsh you can use the options
skip_injail_passwd_check and injail_shell for all users:
[DEFAULT]
skip_injail_passwd_check=1
injail_shell=/bin/bash
pam_chroot is another utility you should look at if the shell for the
user is different. You can setup the chroot jail for pam_chroot with
Jailkit perfectly.
pam_chroot in combination with jk_lsh should be possible as well (but I
haven't tested it).
regards,
Olivier