Help with Remote Login

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
Hi,

I don't run the server osx, but thought i should ask here, thank you:)

What do I need to do or change so that when a user is setup with Remote Access (via Sharing pane) it only allows them to see their own Home folder?
Currently, they go to /!!! yikes.
I want them to be able see ONLY their Home Dir.

Something I need to add to ssh config or something?

Help?
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
@tedro You can configure share points in the "File Sharing" pane under System Preferences --> Sharing.
thanks! can i get some more info on that, please?
all i see under Sharing is where i can "Allow Access For" > "Only These Users".
i don't see where i can assign the share point?
 

Altemose

macrumors G3
Mar 26, 2013
9,173
480
Elkton, Maryland
thanks! can i get some more info on that, please?
all i see under Sharing is where i can "Allow Access For" > "Only These Users".
i don't see where i can assign the share point?
I am away from my Mac right now but you should see two white panes. On the left it will say "John Doe's Public Folder". Select it and hit the minus sign and add the folder you want by hitting the plus sign. Then you can set your permissions on the right pane by allowing all users or only some.
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
on os x client? i'm not on os x server, just a reminder.
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
OK! yes yes yes.
check this, the source of my question:

i made a new user (non admin) for a friend to test something for me.
he logged in using ssh Remote Login and was dropped in at /.
are you saying (i know i should just try it) that had i also listed his home dir in that pane you refer to, ot wouod drop him in at his ~/ (only)?
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
also, i'm talking about ssh connections ...from outside?

i just tried it and the user is dropped into his ~/ but he can still back into /.

i did see when creating the user that i can choose standard or share only...let me try share only....
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
if you don't mind--THANK YOU--do you why the host machine sometimes changes its local address, e.g.:
10.0.1.7 and then it could be 10.0.1.8 ?

can i stop that?

brb
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
yes, it eeems that a Sharing Only user is not assignable and cannot ssh in.

so, from my reply above:
i create a standard user, ensble them under Remote Login;
in the Sharing sharepoint pane...add the new user's home dir.
when they login using ssh from outside, they first go to their home, but they can still back up into /.
what am i doing wrong?
 
Last edited:

Altemose

macrumors G3
Mar 26, 2013
9,173
480
Elkton, Maryland
@tedro A client will change its IP unless you either set it up with a static IP configuration or use a DHCP reservation on the router. Do you want SMB or AFP for file sharing?
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
@tedro A client will change its IP unless you either set it up with a static IP configuration or use a DHCP reservation on the router. Do you want SMB or AFP for file sharing?
yes, AFP. that's more secure than SMB, right? anyway, no Windows clients.
so, i've been using AFP--i, my account, can ssh in fine, but, then, i'm not concerned about my access to /. i just want to stop others'!

p.s. hmmm...dhcp reservation.
 
Last edited:

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
THE FOLLOWING MESSAGE IS HEREBY DELETED ;)

possibly off topic: i decuded to run Disk Util and do a perms repair.
one message i got is:
WARNING: SUID file "System/Library/Filesystems/AppleShare/afpLoad" has been modified and will not be repaired.
ok? off topic? no worries. i can use a Terminal, btw. just saying.

thanks so much
 
Last edited:

Altemose

macrumors G3
Mar 26, 2013
9,173
480
Elkton, Maryland
yes, AFP. that's more secure than SMB, right? anyway, no Windows clients.
so, i've been using AFP--i, my account, can ssh in fine, but, then, i'm not concerned about my access to /. i just want to stop others'!

p.s. hmmm...dhcp reservation.
Opening any ports with direct access to your machine is insecure but unless you ran a VPN it is hard to get around.
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
Opening any ports with direct access to your machine is insecure but unless you ran a VPN it is hard to get around.
yes, i understand.

any hope for making it so a user ssh'ing in only sees his home folder?

thanks
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
A standard account will only access the folder you setup in System Preferences --> File Sharing. An administrator account will see the whole drive.
so,
create standard user
turn on Remote Login for user
turn on File Sharing and in the Shared Folders pane click + and navigate to the user's home dir.

user connects over internet via ssh client, Cyberduck, etc.
user only has access to his home dir?

edit: i'm doing exactly that, but user can see everything. :-(

p.s. isn't the File Sharing prefpane only related to local network use, i mean, does also configure Remote Login?
 
Last edited:

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
Sharing > File Sharing is only for local network access.
and that *does* only take the user to his home, only.

as i've been saying: ssh (Remote Login) via internet--from outside the local network. the same standard user can see everything...which i don't want.

perhaps something in ssh config, or something, could be modified.
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
@tedro If the user has an administrator account they will see everything. Only standard accounts are bound by your settings.
for File Sharing yes, for Remote Access no, apparently, on 10.5.6 client.

i'll write back if i learn more. :-|

thanks for your time and efforts, very much.
 

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
@tedro What type of account is remotely connecting to this Mac?
*Standard*. i am the only admin.
e.g.:
sftp://username@IP_address:22

check this:
http://apple.stackexchange.com/questions/41652/create-a-remote-only-user-in-os-x

seems one would need to create a jail by modifying ssh_config. as i suspected.

believe it or not i used to be a mac tech...i think i knew this! i'm just gettimg back into it lately.

i have old friend who runs an osx network whom i've mailed.
 
Last edited:

tedro

macrumors newbie
Original poster
Jun 21, 2015
20
0
Is there a reason why you don't just use the File Sharing panel then? If I understand correctly all you want to do is share the home folder of that one user.
i don't want to use it. i want the Remote user to ssh into it...and only it.
that article explains it. the guy posting is asking virtually the same thing i'm asking:
"I'd like to create a user on OS X that has remote ssh login privileges where they can access a certain folder /path/to/the/goods/ and add/modify/delete files manually or via rsync while the rest of the Mac is off limits (outside their home directory)."

apparently, you have to create a chroot jail in ssh_ config, for the user.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.