Limiting ssh user account only to access his home directory!

Posted by EBAGHAKI on Stack Overflow See other posts from Stack Overflow or by EBAGHAKI
Published on 2010-04-16T19:19:43Z Indexed on 2010/04/16 19:23 UTC
Read the original article Hit count: 312

Filed under:
|

By reading some tutorials online I used these commands:

Make a local group: net localgroup CopsshUsers /ADD

Deny access to this group at top level: cacls c:\ /c /e /t /d CopsshUsers

Open access to the copSSH installation directory: cacls copssh-inst-dir /c /e /t /r CopsshUsers

Add Copssh user to the group above: net localgroup CopsshUsers mysshuser /add

simply put these commands will try to create a usergroup that has no permission on your computer and it only have access to the copSSH Installation directory.

This is not true, since you cannot change the permission on your windows directory, the third command won't remove access to windows folder (it says access denied on his log). Somehow I achieved that by taking ownership of Windows folder and then i execute the third command so CopsshUsers has no permissions on windows folder from now on.

Now i tried to SSH to the server and it simply can't login! this is kind of funny because with permission on windows directory you can login and without it you can't!! So if you CAN SSH to the server somehow you know that you have access to the windows directory! (Is this really true??)

Simple task: Limiting ssh user account only to access his home directory on WINDOWS and nothing else!

Guys please help!

© Stack Overflow or respective owner

Limiting ssh user account only to access his home directory!

Posted by EBAGHAKI on Super User See other posts from Super User or by EBAGHAKI
Published on 2010-04-16T19:19:43Z Indexed on 2010/04/16 20:54 UTC
Read the original article Hit count: 313

Filed under:
|
|

By reading some tutorials online I used these commands:

Make a local group: net localgroup CopsshUsers /ADD

Deny access to this group at top level: cacls c:\ /c /e /t /d CopsshUsers

Open access to the copSSH installation directory: cacls copssh-inst-dir /c /e /t /r CopsshUsers

Add Copssh user to the group above: net localgroup CopsshUsers mysshuser /add

simply put these commands will try to create a usergroup that has no permission on your computer and it only have access to the copSSH Installation directory.

This is not true, since you cannot change the permission on your windows directory, the third command won't remove access to windows folder (it says access denied on his log). Somehow I achieved that by taking ownership of Windows folder and then i execute the third command so CopsshUsers has no permissions on windows folder from now on.

Now i tried to SSH to the server and it simply can't login! this is kind of funny because with permission on windows directory you can login and without it you can't!! So if you CAN SSH to the server somehow you know that you have access to the windows directory! (Is this really true??)

Simple task: Limiting ssh user account only to access his home directory on WINDOWS and nothing else!

Guys please help!

© Super User or respective owner

Related posts about Windows

Related posts about ssh