Re: Jailkit, jailing sftp users and scp problems

On 20 Apr, 19:06, gwart...@xxxxxxxxx wrote:
I needed a way to jail sftp users so I used jailkit 2.0. There are a
couple of good SOPs on the web for setting it up and for the most
part, my installations were flawless using these SOPs. However, I ran
into a problem this week dealing with sftp and scp on FC5.

Let me stop you right there. I've previously tried to get chroot jails
integrated into OpenSSH, and had my efforts refused. It's just not
worth the pain these days to try to re-create all that work when
you'll have to do it again, and again, and again for every new OpenSSH
release.

Instead, proceed directly to WebDAV over HTTPS. It works in Windows,
with Konqueror, with LFTP, and you can even mount filesystem this way
in Linux with FUSE. You get all the Apache access controls, including
integrated PAM or Kerbersos, you get good chroot cage behavior, you
get a *VASTLY* better command line interface with LFTP, and it handles
symlinks in a reasonable fashion.

.