Re: OpenSSH Windows Security
- From: "Erik Naslund" <erik.naslund@xxxxxxxxx>
- Date: 3 Aug 2006 05:09:16 -0700
I can prevent them from having shell access by changing their default
shell varialble to /usr/sbin/sftp-server or the like.
The goal is to only allow SFTP/SCP access and to lock them into their
home directories. As far as I know, OpenSSH is the only option for
secure file transfer in windows. (welcoming alternatives at this point)
I will have a look at the link you provided and see what mileage I can
get with cygwin. I will post the results.
TwistyCreek wrote:
Erik Naslund wrote:
My company has a requirement for secure file transfer. We are limited
to windows server 2003. I have successfully setup OpenSSH via cygwin on
this server.
The problem I am having is that I cannot seem to figure out how to
isolate users. They are permitted to travel up the directory structure
into the cygwin directories. Granted it is only read access, but how
can I lock them into their home directory?
You need to put them in a chroot jail. Don't know about Cygwin, but
instructions for doing this with OpenSSH in a "real" *nix environment
can be found here...
http://wiki.linuxquestions.org/wiki/OpenSSH_chrooting
OPenSSH really isn't the best choice if you just need to move files.
It is, as the name implies, a "shell" which needs certain things to
function. This makes chrooting users much more difficult.
.
- Follow-Ups:
- Re: OpenSSH Windows Security
- From: nemo_outis
- Re: OpenSSH Windows Security
- References:
- OpenSSH Windows Security
- From: Erik Naslund
- Re: OpenSSH Windows Security
- From: TwistyCreek
- OpenSSH Windows Security
- Prev by Date: Re: OpenSSH Windows Security
- Next by Date: Re: OpenSSH Windows Security
- Previous by thread: Re: OpenSSH Windows Security
- Next by thread: Re: OpenSSH Windows Security
- Index(es):
Relevant Pages
|
