Re: sftp virtual users question

From: Jeff Rosowski (rosowskij_at_ie.ymp.gov)
Date: 02/02/05

  • Next message: Tay, Gary: "RE: AllowGroups and ldap"
    Date: Wed, 2 Feb 2005 09:58:18 -0800 (PST)
    To: Bob Rasmussen <ras@anzio.com>
    
    

    check out scponly. that lets you chroot a user, and only allow scp/sftp.

    On Tue, 1 Feb 2005, Bob Rasmussen wrote:

    > On Tue, 1 Feb 2005, Lukasz Chruszczyk wrote:
    >
    >> Helo
    >> 1.Is it possible to prevent a user to get access to shell (by means of
    >> ssh),
    >> but give him/her access to sftp (or scp)
    >> 2.Is it possible to manage users independently for ssh and sftp(scp)
    >> subsystems?
    >> 3.Documentation about sftp-server subsystem is very poor? Where can I get
    >> more info?
    >
    > First, I assume you're talking about OpenSSH's implementation; is that
    > right?
    >
    > You are right that there is very little configurability. You might want to
    > force a particular directory as the user's home directory for SFTP
    > (different from their login directory). You might also want to restrict
    > their navigation.
    >
    > As far as I can tell there is no way to do this with OpenSSH's
    > implementation. This would be a good area for someone to expand upon.
    >
    > Regards,
    > ....Bob Rasmussen, President, Rasmussen Software, Inc.
    >
    > personal e-mail: ras@anzio.com
    > company e-mail: rsi@anzio.com
    > voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
    > fax: (US) 503-624-0760
    > web: http://www.anzio.com
    >


  • Next message: Tay, Gary: "RE: AllowGroups and ldap"

    Relevant Pages

    • Re: FTPS Server?
      ... port numbers by deep packet inspection. ... client, but the underlying SSH protocol over the network is way, way ... See the chroot configuration in the man-page for sshd_config ... recommend running a separate instance on a separate port (if firewalls ...
      (freebsd-stable)
    • Re: chroot SSH users.
      ... Subsystem sftp internal-sftp ... SSH in the system. ... "Make sure chroot support was compiled in" ...
      (freebsd-questions)
    • Re: Need advice on setting of an SSH server for untrusted users
      ... > I've just set up an ssh server so that my customers can download code ... I've set up ssh so that it requires rsa authentication. ... There is a patch for openssh that will cause it to do a chroot like ... The issue with a chroot jail for ssh is that you have to hand-roll the ...
      (comp.os.linux.security)
    • Re: Problems with Sudo
      ... you can't sudo to root. ... SSH is generally allowed, all limitations should still apply including ... secure, the internet is a very dangerous place. ... allowing someone to break out of a chroot jail by simply logging back ...
      (Ubuntu)
    • Re: sftponly
      ... provided the server is secure or what other services/interfaces you ... > I agree - chrooting is a good practice, and I wouldn't set SSH up without ... > you pair them with a chroot jail. ... Of course they can do more with SSH access, ...
      (SSH)