lshell an alternative to SSH chroot for your users

lshell is a shell coded in Python, that lets you restrict a user’s environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user’s commands, implement timing restriction, and more. (read on http://lshell.ghantoos.org/)

The project on Sourceforge : http://sourceforge.net/projects/lshell/

lshell is a good alternative to SSH chroot.

There’s an official package in Debian and there’s only one file to configure it : /etc/lshell.conf

You can create rules for a specific user, or a specific group and you’ve got in [default] the rules by … default.

When you’ve finished the configuration, you only need to attribute this shell to the user you want to restrict :
with an existing one : usermod -–shell /usr/bin/lshell UserName
with a new one : adduser UserName -–shell /usr/bin/lshell

The user will be noticed when he try to do something forbidden and will be kicked after too many mistakes (link to the parameter : warning_counter set to 2 by default)

Publié le septembre 8, 2011 par . Cet article a été publié dans TIC/Sysadmin. Enregistrer le lien de l'article.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *