SCIENTIFIC-LINUX-USERS Archives

March 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Michael Mansour <[log in to unmask]>
Reply To: Michael Mansour <[log in to unmask]>
Date: Thu, 5 Mar 2009 13:39:55 +1100

Hi,

> Why, what is your threat model that you have to do this?

Thanks for your reply. Basically, we're managing the infrastructure for a
client, but not the (web) apps. 

The client has insisted his developers need SSH access. After quite some
discussion, we provided it.

The client has multiple developers and himself hosts for different clients, so
multiple SSH accounts are being provided to multiple developers.

They really only need access to their home directories; they don't need access
to the main server filesystem etc.

The new OpenSSH version makes this easier than other chroot hacks I've seen,
in that it uses sftp libraries to provide the chroot'ed ssh environment. So no
need to copy all libraries for each ssh command that is needed to be used in
the environment and then having an upgrade headache when OpenSSH needs to be
updated.

Regards,

Michael.

> Michael Mansour wrote:
> > Hi,
> > 
> > I'm looking for a way to set up the chroot for SSH users, into their home
> > directories.
> > 
> > Do people do this with SL5?
> > 
> > I've looked at the latest OpenSSH which does do this, but requires separate
> > compilation. I'd rather try and find pre-built RPMs of the latest OpenSSH.
> > 
> > Any advice is appreciated.
> > 
> > Michael.
> >
> 
> --
> 
> Please sign my petition:
> http://petitions.number10.gov.uk/alcohol-buying/
> 
> ---------------------------------------------------------
> Faye Gibbins, Computing Officer (Infrastructure Services)
>       GeoS KB; Linux, Unix, Security and Networks.
> Beekeeper  - The Apiary Project, KB -   www.bees.ed.ac.uk
> ---------------------------------------------------------
> 
>    I grabbed at spannungsbogen before I knew I wanted it.
>                   (x(x_(X_x(O_o)x_x)_X)x)
> 
> The University of Edinburgh is a charitable body,
> registered in Scotland, with registration number SC005336.
------- End of Original Message -------
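
An added example, not part of the original message: a shell check for the
directory permissions that OpenSSH's built-in chroot (ChrootDirectory with
internal-sftp) depends on, with the matching sshd_config settings shown in the
leading comment. The group name "sftpdev", the function names and the use of
GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The sshd_config settings it
# supports (the group name "sftpdev" is an assumption):
#
#   Subsystem sftp internal-sftp
#   Match Group sftpdev
#       ChrootDirectory %h
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
#       X11Forwarding no
#
# sshd refuses the login unless every component of the ChrootDirectory path is
# a root-owned directory that is not writable by group or others.
# Assumes GNU stat (stat -c), as shipped on Linux.

# component_ok UID MODE: succeed if owner is root and no group/other write bit.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk DIR up to /, print each failing component.
# Returns 0 if all pass, 1 if any fail, 2 if DIR is not a directory.
check_chroot_path() {
    ccp_path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1"; return 2; }
    ccp_rc=0
    while :; do
        ccp_uid=$(stat -c %u "$ccp_path")
        ccp_mode=$(stat -c %a "$ccp_path")
        if ! component_ok "$ccp_uid" "$ccp_mode"; then
            echo "BAD $ccp_path (uid=$ccp_uid mode=$ccp_mode)"
            ccp_rc=1
        fi
        [ "$ccp_path" = "/" ] && break
        ccp_path=$(dirname "$ccp_path")
    done
    return "$ccp_rc"
}

# Usage: sh check_chroot.sh /home/alice /home/bob
for ccp_dir in "$@"; do
    check_chroot_path "$ccp_dir" || true
done
```

Because the chroot directory itself must be root-owned, an account chrooted to
%h cannot write at the top level of its own home; the files it manages need a
subdirectory owned by that user.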
