RE: [opensuse] sftp, howto chroot users to their home directories



On Thu, Aug 28, 2008 at 1:14 PM, James D. Parra <Jamesp@xxxxxxxxxxxxxxxx>
wrote:
Hello,

I set up secure ftp by editing sshd_config and tried using 'sftp' to log
in,
but found that I am not locked into my home dir. How can I chroot users
into
their home dir's sftp or an sftp client? On another note, is there an sftp
server that folks recommend?

Thank you,

Sftp is an ssh connection.
Once they have ssh connection they can access anything that
they could access if they were signed in locally.

They can download anything they can see. So you have to manage it
with permissions.

However, it sounds to me like you are up the wrong tree barking.

If you want FTP use FTP. You actually have more
control with a typical ftp server. If you wouldn't trust them to ssh into
your server you shouldn't allow them to sftp into the server.
~~~~~~~~~~~~~~~~~~~~`

I wouldn't agree with that. Outside clients want the security of sftp and I
would want them locked into their home directory without the ability of
'cd'ing up the dir tree and into other client's home directories. Simple ftp
does not offer a secure connection.

There must be a way to accomplish this.

Best,

~James

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx



Relevant Pages

  • Re: SPAM sudden increase
    ... > Dude was on a tech call with f-secure and the tech asked, "So, ... dude is trying to FTP to their server using WSFTP. ... but I think he is talking about sftp protocol - FTP via ...
    (alt.2600)
  • Re: Does IIS support SFTP?
    ... There are several excellent SFTP server out there for Windows. ... use Cerberus FTP Server for FTP, ... Here's a guide for using SSH to set up SFTP on Windows. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: FTP partially blocked-- how to trace?
    ... something on the server to only allow secure FTP. ... I changed the protocol in WinSCP from SFTP to SCP and it ...
    (comp.security.firewalls)
  • Re: SFTP Solution
    ... because either their FTP Client can't do SFTP or the Firewall or Proxy ... Server doesn't have the Application Filters to decrypt/encrypt the SFTP ... packets in order to maintain the FTP port complexities of the connection. ... The Firewall product in these articles is MS ISA Server, ...
    (microsoft.public.windows.server.general)
  • Re: sftp and FreeBSD
    ... I closed down ftp on our FreeBSD server recently and have ... However I also have a FreeBSD ... When I type "sftp thedomain.com" (thedomain.com is not the domain I am ...
    (comp.unix.bsd.freebsd.misc)