Scenario: Your AIX server has OpenSSH installed and sFTP configured. How do you restrict sFTP users from accessing other shells (like ksh, bash, csh, scp, ftp, etc)? How do you prevent them from traversing through your directories and potentially doing all sorts of damage?

The answer: Set up rssh with chroot jail. Restricted shell (rssh) is a replacement for the standard shell (in AIX’s case, ksh) to be used with OpenSSH that lets you restrict shell access to only sftp and scp. It supports chroot jail which is a method to sandbox users and programs in a specific directory. Read the rest of this entry »