{"id":671,"date":"2011-09-08T16:44:02","date_gmt":"2011-09-08T15:44:02","guid":{"rendered":"http:\/\/sdubois.evolix.net\/blog\/?p=671"},"modified":"2011-09-08T16:44:02","modified_gmt":"2011-09-08T15:44:02","slug":"lshell-an-alternative-to-ssh-chroot-for-your-users","status":"publish","type":"post","link":"https:\/\/sdubois.fr\/blog\/2011\/09\/lshell-an-alternative-to-ssh-chroot-for-your-users\/","title":{"rendered":"lshell an alternative to SSH chroot for your users"},"content":{"rendered":"<p>lshell is a shell coded in Python, that lets you restrict a user&rsquo;s environment to limited sets of commands, choose to enable\/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user&rsquo;s commands, implement timing restriction, and more. (read on <a href=\"http:\/\/lshell.ghantoos.org\/)\">http:\/\/lshell.ghantoos.org\/<\/a>)<\/p>\n<p>The project on Sourceforge : <a href=\"http:\/\/sourceforge.net\/projects\/lshell\/\">http:\/\/sourceforge.net\/projects\/lshell\/<\/a><\/p>\n<p>lshell is a good alternative to SSH chroot.<\/p>\n<p>There&rsquo;s an official package in Debian and there&rsquo;s only one file to configure it : <code>\/etc\/lshell.conf<\/code><\/p>\n<p>You can create rules for a specific user, or a specific group and you&rsquo;ve got in [default] the rules by &#8230; default.<\/p>\n<p>When you&rsquo;ve finished the configuration, you only need to attribute this shell to the user you want to restrict :<br \/>\nwith an existing one : <code>usermod -\u2013shell \/usr\/bin\/lshell UserName<\/code><br \/>\nwith a new one : <code>adduser UserName -\u2013shell \/usr\/bin\/lshell <\/code><\/p>\n<p>The user will be noticed when he try to do something forbidden and will be kicked after too many mistakes (link to the parameter : <code>warning_counter<\/code> set to 2 by default)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>lshell is a shell coded in Python, that lets you restrict a user&rsquo;s environment to limited sets of commands, choose to enable\/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user&rsquo;s commands, implement timing restriction, and more. (read on http:\/\/lshell.ghantoos.org\/) The project on Sourceforge : http:\/\/sourceforge.net\/projects\/lshell\/ lshell is a good alternative to SSH <a href=\"https:\/\/sdubois.fr\/blog\/2011\/09\/lshell-an-alternative-to-ssh-chroot-for-your-users\/\"> lire la suite <span class=\"meta-nav\"><\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":2348,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-671","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tic"],"_links":{"self":[{"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/posts\/671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/comments?post=671"}],"version-history":[{"count":0,"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/posts\/671\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/media\/2348"}],"wp:attachment":[{"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/media?parent=671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/categories?post=671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdubois.fr\/blog\/wp-json\/wp\/v2\/tags?post=671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}