Is it possible to limit remote access to the Web Server and SFTP portions of OS X Server Mountain Lion?

Is it possible to limit remote access to the Web Server and SFTP portions of OS X Server Mountain Lion?

MacBook Pro, OS X Mountain Lion (10.8.1)

Posted on Apr 24, 2013 12:00 PM

Feb 28, 2014 2:20 PM in response to Gary MBS

Looking into this myself. It looks like using the sshd ChrootDirectory will do this. From man sshd_config:


ChrootDirectory

Specifies a path to chroot(2) to after authentication. This path, and all its components, must be root-owned directories that are not writable by any other user or group.

The path may contain the following tokens that are expanded at runtime once the connecting user has been authenticated: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user.

The ChrootDirectory must contain the necessary files and directories to support the users' session. For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), arandom(4) and tty(4) devices. For file transfer sessions using ``sftp'', no additional configuration of the environment is necessary if the in-process sftp server is used (see Subsystem for details).

The default is not to chroot(2).
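
An added example, not part of the original reply and not OpenSSH code: a Python check of the rule quoted above, that the chroot path and every one of its components must be a root-owned directory not writable by group or others, together with the %%, %h and %u expansion. The user name webedit and the home /Users/webedit are constructed sample values, and rejecting relative paths and other tokens is a choice made for this example.

```python
import os
import re
import stat

def expand_tokens(template, user, home):
    """Expand the three ChrootDirectory tokens listed in the quoted man page text."""
    table = {"%": "%", "h": home, "u": user}
    def repl(match):
        key = match.group(1)
        if key not in table:  # example's choice: refuse tokens the quote does not list
            raise ValueError("unsupported token %" + key)
        return table[key]
    return re.sub(r"%(.)", repl, template)

def components(path):
    """Yield '/', '/a', '/a/b', ... for an absolute path."""
    if not path.startswith("/"):
        raise ValueError("chroot path must be absolute")
    current = "/"
    yield current
    for part in path.split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def audit_chroot(path, stat_fn=os.stat):
    """Return a list of problems; an empty list means every component passes."""
    problems = []
    for comp in components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc.strerror})")
            break  # deeper components cannot be checked either
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:  # group-write or other-write bit set
            problems.append(f"{comp}: writable by group or others")
    return problems

if __name__ == "__main__":
    # Constructed sample values: user "webedit" with home /Users/webedit.
    target = expand_tokens("%h", "webedit", "/Users/webedit")
    for line in audit_chroot(target) or [target + ": ok"]:
        print(line)
```

Because a user's home directory is normally owned by that user, a ChrootDirectory of %h fails this check until the directory is handed to root, with a user-writable subdirectory inside it for uploads.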