ssh-chrootmgr(1) — Commands
NAME
ssh-chrootmgr − Sets up chroot-ready environment for users
SYNOPSIS
ssh-chrootmgr [−h | −? | −-help] [−n] [−q] [−v] [username]
OPTIONS
−h, −?, or −-help
Displays help.
−nDisplays what would happen but does not actually do any copies. Particularly useful with the −v option.
−qDisplays errors.
−vDisplays verbose information.
DESCRIPTION
You use the ssh-chrootmgr command when you want the sshd daemon and the sftp-server to enforce use of the ChRootUsers or ChRootGroups keywords in the sshd2_config file. Using the ChRoot{Users,Groups} keywords allows you to restrict users to his or her own home directory.
The ssh-chrootmgr command tries to identify the specified user’s home directory from the /etc/passwd file. You can supply more than one username, in which case all these accounts are processed. The ssh-chrootmgr command creates a bin directory if it does not exist under the user’s home directory. It then copies ssh-dummy-shell and sftp-server2 to this directory and makes a symbolic link sftp-server in that directory to point to the sftp-server2 binary.
After you enter the ssh-chrootmgr command:
1.Add the user names to the ChRootUsers keyword and group names to the ChRootGroups keyword in the sshd2_config file.
2.Change the users’ shell to /bin/ssh-dummy-shell in the /etc/passwd file. After the chroot operation, the /bin directory is the bin directory in the user’s home directory, from the user’s perspective.
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Files: sshd2_config(4)