Re: locking down sftp directory



"tilopa" <wgilgallon@xxxxxxxxx> writes:

> I just installed and configured Cygwin SSH on a Windows 2003 DC. We want
> to have external clients be able to sftp into this server and be able
> to upload and download files from a single particular directory. But
> when I test this functionality I can connect to the server and am
> dumped into the correct directory but I can then uplevel to the cygwin
> root directory and have access to everything there. I have searched
> quite a bit for a solution and have found nothing, except for
> references to chroot which apparently can only be configured on a pure
> unix machine. It is puzzling to me that more businesses would not need
> this functionality, and what is the point of secure ftp if you cannot
> lock your users into their home directory. Does anyone know of a better
> free solution?

Ironically, the non-free operating system you're using unfortunately
is what's thwarting you, it seems. :-)

But VanDyke's VShell server may be worth the money if you can't get
where you wanna go with the free stuff:
http://vandyke.com/products/vshell/index.html

Or... and this is kinky, and an idea off the top of my head, VMware
Server http://www.vmware.com/products/server/ is free, and rocks. Use
it to create a Linux virtual machine on that DC. Then, you can run
OpenSSH on Linux properly. A drive share can be made to cross the
virtual machine boundary if need be. Samba has PAM modules evidently
to allow you to either auth against the 2003 DC directly, or to keep
those passwords in sync if the samba section of
http://www.kernel.org/pub/linux/libs/pam/modules.html is to be
believed.

And if someone hacks your ftp server, they're inside a virtual machine
jail by and large only with access to the windows 2003 directory you
specifically shared into the virtual machine.

But by the time you're done with that you may really wish you had
spent the money for VShell server. :-)

Best Regards,
--
Todd H.
http://www.toddh.net/