ssh-chrootmgr(1)
NAME
ssh-chrootmgr - Sets up chroot-ready environment for users
SYNOPSIS
ssh-chrootmgr [-h | -? | --help] [-n] [-q] [-v] [username]
OPTIONS
-h, -?, --help  Displays help.
-n  Displays what would happen, without executing the command. This is
    particularly useful with the -v option.
-q  Quiet mode. Displays errors only.
-v  Displays verbose information.
DESCRIPTION
You use the ssh-chrootmgr command when you want the sshd daemon and the
sftp-server to enforce use of the ChRootUsers or ChRootGroups keywords
in the sshd2_config file. Using the ChRoot{Users,Groups} keywords
allows you to restrict users to their home directory. This requires,
however, that you use static builds (i.e., no shared libraries) of
ssh-dummy-shell and sftp-server.

The ssh-chrootmgr command tries to identify the user's home directory
from the /etc/passwd file. You can supply more than one username, in
which case all these accounts are processed. The ssh-chrootmgr command
creates a bin directory if it does not exist under the user's home
directory, and copies the static binaries of ssh-dummy-shell and
sftp-server2 into this directory. It also creates a symbolic link,
sftp-server, in that directory to point to the sftp-server2 binary.

After you enter the ssh-chrootmgr command, take the following steps:
1. Add the user names to the ChRootUsers keyword and group names to the
   ChRootGroups keyword in the sshd2_config file.
2. Change the users' shell to /bin/ssh-dummy-shell in the /etc/passwd
   file. After the chroot operation, the /bin directory is the bin
   directory in the user's home directory, from the user's perspective.
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: ssh2(1), sshd2(8)
Files: sshd2_config(4)