HT5586 Is it possible to limit remote access to the Web Server and SFTP portions of OS X Server Mountain Lion?
Re: Is it possible to limit remote access to the Web Server and SFTP portions of OS X Server Mountain Lion?
Apr 24, 2013 9:11 PM (in response to Gary MBS)
Is the server acting as the router/DHCP server, or is the server behind a router?
Re: Is it possible to limit remote access to the Web Server and SFTP portions of OS X Server Mountain Lion?
Feb 28, 2014 2:20 PM (in response to Gary MBS)
Looking into this myself. It looks like using the sshd ChrootDirectory will do this. From man sshd_config:
Specifies a path to chroot(2) to after authentication. This path, and all its components, must be root-owned directories that are not writable by any other user or group.
The path may contain the following tokens that are expanded at runtime once the connecting user has been authenticated: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user.
The ChrootDirectory must contain the necessary files and directories to support the users' session. For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), arandom(4) and tty(4) devices. For file transfer sessions using ``sftp'', no additional configuration of the environment is necessary if the in-process sftp server is used (see Subsystem for details).
The default is not to chroot(2).
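
A check for the ownership rule in the man page excerpt above, as an added example that is not part of the original post or of OpenSSH: it walks every component of a candidate ChrootDirectory and reports any that is not a directory, is not owned by root (uid 0), or is writable by group or other. The function name and the `required_uid` parameter are names chosen for this example.

```python
import os
import stat
import sys


def chroot_path_problems(path, required_uid=0):
    """Return (component, reason) tuples for every component of `path` that
    breaks the ChrootDirectory rule quoted from sshd_config(5) above."""
    problems = []
    path = os.path.abspath(path)
    # Build "/", "/srv", "/srv/sftp", ... so each component is checked in turn.
    parts = [p for p in path.split(os.sep) if p]
    components = [os.sep] + [os.sep + os.sep.join(parts[:i + 1])
                             for i in range(len(parts))]
    for component in components:
        try:
            st = os.stat(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc.strerror))
            break  # nothing below a missing component can be inspected
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
        if st.st_uid != required_uid:
            problems.append((component, "owned by uid %d, expected %d"
                             % (st.st_uid, required_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((component, "writable by group or other (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_chroot.py /path/to/chroot")
    else:
        found = chroot_path_problems(sys.argv[1])
        for component, reason in found:
            print("%s: %s" % (component, reason))
        sys.exit(1 if found else 0)
```

Run it against the directory you intend to name in ChrootDirectory; any line it prints identifies a component whose owner or mode has to change before the path meets the rule.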