lshell is a shell coded in Python, that lets you restrict a user’s environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user’s commands, implement timing restriction, and more. (read on http://lshell.ghantoos.org/)
The project on Sourceforge : http://sourceforge.net/projects/lshell/
lshell is a good alternative to SSH chroot.
There’s an official package in Debian and there’s only one file to configure it :
You can create rules for a specific user or a specific group, and the [default] section holds the rules that apply by default.
When you've finished the configuration, you only need to assign this shell to the user you want to restrict:
For an existing user:
usermod --shell /usr/bin/lshell UserName
For a new user:
adduser UserName --shell /usr/bin/lshell
The user is warned when they try to do something forbidden and is kicked out after too many mistakes (the warning_counter parameter, set to 2 by default).
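How the [default], group and user sections and warning_counter fit together in the configuration file, as an added example that is not from the original post or the lshell project. The group sftponly and the user alice are hypothetical, and all values are constructed for illustration.

```ini
# Constructed example: "sftponly" and "alice" are hypothetical names.
[global]
logpath         : /var/log/lshell/
# 4 logs every command the user types
loglevel        : 4

[default]
# Baseline for every lshell user; group and user sections override it.
allowed         : ['ls', 'echo', 'cd', 'll']
# Shell metacharacters that would let a user chain or redirect commands
forbidden       : [';', '&', '|', '`', '>', '<', '$(', '${']
# Forbidden attempts tolerated before the session is closed
warning_counter : 2
aliases         : {'ll': 'ls -l'}
# 1 = unknown commands also count against warning_counter
strict          : 1
# File transfer over SSH is off unless a section below enables it
scp             : 0
sftp            : 0

[grp:sftponly]
# Applies to members of the Unix group "sftponly"
sftp            : 1

[alice]
# User sections take priority over group sections, which take priority
# over [default].
# "+" extends the inherited list instead of replacing it
allowed         : + ['rsync']
# Commands alice may run non-interactively over SSH
overssh         : ['rsync']
warning_counter : 1
# Confine alice to her own directory tree
path            : ['/home/alice/']
```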