[K12OSN] SSH Jailing? Disable viewing of dot files/folders with SCP clients?

Jim Kronebusch jim at winonacotter.org
Wed Aug 1 14:45:58 UTC 2007

I would like to disable access from outside to our server via ftp.  I would like to
offer access in the future via SCP over SSH.  Now with ftp I could say go into the
vsftp.conf and set an option to jail users to their home directory, then they could
browse the entire server.  But when I enable the use of ssh and connect with a client
such as WinSCP (Windows) or Gftp (Linux) or Fugu (OSX) I can browse the entire server. 
So I googled ssh jail /home and all solutions I find recommend creating some sort of
/jail directory and relocating /home inside it such as /jail/home/username or
/home/jail/home/username.  I don't really like the sound of that and don't fully
understand what that could break in terms of LTSP and other apps.

Does anyone know of a way to keep users from traversing out of /home with modification
of sshd.conf or at least with an add-on that doesn't require messing with the standard
layout of /home?

Second minor problem is how to eliminate display of dot files when viewing with and SCP
client.  I would like to disable display of dot files on the server side to eliminate
the need of client modifications.  Any suggestions there would be helpful as well (I
don't want users to delete or even know that the dot files or directories even exist). 
I am okay with users being able to change a setting on their client to purposely display
the dot files/folders, but I would like it to default to not displaying.  I figure if
they know enough to make a change to display the files, they must already know they
exist, and would then likely understand their role/importance.


Jim Kronebusch
Cotter Tech Department

This message has been scanned for viruses and
dangerous content by the Cotter Technology 
Department, and is believed to be clean.

More information about the K12OSN mailing list