Re: OpenSSH Windows Security

nemo_outis wrote:

"Erik Naslund" <erik.naslund@xxxxxxxxx> wrote in
news:1154606956.116352.205580@xxxxxxxxxxxxxxxxxxxxxxxxxxxx:

I can prevent them from having shell access by changing their default
shell varialble to /usr/sbin/sftp-server or the like.

The goal is to only allow SFTP/SCP access and to lock them into their
home directories. As far as I know, OpenSSH is the only option for
secure file transfer in windows. (welcoming alternatives at this
point)

There is also SFTP

SFTP is typically defined as using an SSH capable FTP client to connect
to an SSH server. It uses the "native" commands on the server to provide
directory services, and needs to be secure exactly like a "raw" SSH
session would be with respect to up-level directory access.

http://kb.iu.edu/data/akqg.html

There is a server daemon named SFTP, but it also allows access to all
the directories a user has permission to access, and requires that
permissions be set in such a way that access to $FTPROOT is allowed for
all users. The same problem the OP is running up against with SSH
I think. :-(

and FTP/TLS-SSL. Serv-u and other Windows ftp servers
provide directory limits.

FTPS and a proper FTP server would be my choice, and with the right
file manager on the client side moving files back and forth could be as
transparent as moving them from folder to folder on your own machine
(does Tuxcmd have a Windows port)? <g> It wouldn't be all that
complicated to script the whole thing if these file transfers followed
patterns or routine.

My second choice would be a full blown VPN solution, FWIW. Second to
FTPS only because I think it's a little bit of an over kill for the
problem the OP is trying to solve.

The user experience is not a transparent Windows Explorer sort, though.

Are there no VFS "plugins" for Windows file managers?

I knew there was a reason I dumped all things Windows years ago. ;-)

.

Relevant Pages

  • Re: FC6 VPN
    ... Then you can run any application you would like off the server by simply running it, or if you want to run a whole session, use gnomesession. ... ssh client that supports X forwarding, which is want you want to be looking at. ... SSH allows you to forward any local port to any remote port. ... If you need to connect to, say a windows share, you would forward your local port to the linux server through the ssh tunnel. ...
    (Fedora)
  • Re: FTP Setup in WIndows 2000 help
    ... Thank you for responding Bernard. ... The more I use Win2k Server the more I realize I am no IT guy... ... So FTP is still not working and now I seem to have broken forms on the ... to set up a basic login FTP service on a Windows ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: ftp server question
    ... That innocent looking port scan you see in your firewall today could ... So anyone running an open FTP server has probably already been 'found out' but not everyone runs a log and even fewer probably check it! ... the SSH server, so it only gets attacked once every three minutes tops. ...
    (alt.computer.security)
  • RE: [OT] M$ collaborates with Suse
    ... Most hosting facilities do allow FrontPage and/or FTP access...FrontPage ... Remote Administration to an actual server can be done with a Terminal ... Secure Administration on the inside can be done with Scripting. ... decent free SSH Servers out there for Windows and I like freeSSHd. ...
    (Debian-User)
  • Re: SAMBA on USS?
    ... FTP functionality is not available from within the product, so we'd have to write a FTP script to push the files onto a FTP server. ... On Linux I've successfully used Samba to increase the flexibility of this approach by allowing us to push files onto Windows shares regardless of whether they're also running an FTP server. ... I've done a bit of reading on the internet and it sounds like Samba is an implementation of a common protocol SMB which appears to be supported on z/os USS - do you know if this would work on our environment? ...
    (bit.listserv.ibm-main)