This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

restrict SSH access of non-admin accounts.

5 posts / 0 new

Topic locked

Last post

#1 Mon, 11/23/2009 - 04:43

Daworm

restrict SSH access of non-admin accounts.

I just tested the SSH login of an account that should not have ssh access outside the /home/ directory. However, it appears it does. I cannot access the other Virtual Server directory but I can access everything including /etc/webmin/ and so on.

I ... feel this is largely insecure While I cannot view the contents of said files. I certainly don't want to allow access to other directories. What do I need to do to restrict this?

#2 Mon, 11/23/2009 - 10:41

andreychek

That's unfortunately not possible (or at least, simple) to setup:

https://www.virtualmin.com/node/12308

What your users are seeing is allowed by the typical UNIX/Linux permissions. You can always change the permissions on files/dirs you don't want them to be able to see.

Barring that, you might just need to prevent SSH access altogether for some users.

-Eric

#3 Mon, 11/23/2009 - 15:07

Daworm

Troublesome, but not impossible.

Would be nice if the feature is inherently set by default to jail you to your /home/ directory...

#4 Mon, 11/23/2009 - 15:36

Daworm

Doesn't look so hard to do..

http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-s...

/me configures.

EDIT: This will at least allow SCP / SFTP without SSH access (I wonder if I can include jailed SSH access?) either way.

Win for me... :)

#5 Mon, 11/23/2009 - 16:34

Daworm

Actually... I would highly recommend the above. Gives users on your server access to SCP / SFTP without having to setup SSL for FTP.

But does not allow SSH login! Tested and works beautifully!

Topic locked