rawandnet
asked on
sftp allow servral user access single folder
I want to configure Sftp but allow only serveral people access just one folder. I don’t want them to be able to browse to root directory. Is that possible.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That will work, it will jail them all in their home directories. Setting chroot_local to yes and setting each user to have the same home directory (the directory you want them to access) will do what you want.
ASKER
one more question,
I am using svfptd, this is the secure ftp is in it?
and i used the following to encrypt connections?ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/ vsftpd.pem
and using openssl to create vsftpd.pem file, does that makes it more secure?
I am using svfptd, this is the secure ftp is in it?
and i used the following to encrypt connections?ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/
and using openssl to create vsftpd.pem file, does that makes it more secure?
Are you trying to use sftp or ftps?
sftp = ftp based on ssh connections
ftps = ftp with ssl encryption
From your original question it sounded like you were using SFTP, which non of the options you talk about above are needed, nor do they make it any more secure.
sftp = ftp based on ssh connections
ftps = ftp with ssl encryption
From your original question it sounded like you were using SFTP, which non of the options you talk about above are needed, nor do they make it any more secure.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
JordanH155... Isnt that what I said?
ASKER
Now I understand that SFTP uses SSH to connect to server through Terminal, but this can’t be used for browser connection.
I have to use vsftpd to connect through browser and terminal too. To connect to server through browser I use ftp://192.168.1.1 and through terminal I use ftp user@192.168.1.1. The question is that connection secure (encrypted), because I and still using ftp command? or i have to use SSL plugins?
I have to use vsftpd to connect through browser and terminal too. To connect to server through browser I use ftp://192.168.1.1 and through terminal I use ftp user@192.168.1.1. The question is that connection secure (encrypted), because I and still using ftp command? or i have to use SSL plugins?
Well neither of those commands (browser and terminal) are using SFTP. It would be easier to help if we were clear on which technology you are using here.
So let's say your using FTPS, which you have to be if your either using a browser or the ftp command. The server needs to be properly configured for FTPS, which I have always found to be a pain. Here is all the information you will ever need to set up ftps on vsftpd....
http://www.brennan.id.au/14-FTP_Server.html
and here is the information on setting up SSL on vsftpd
http://www.brennan.id.au/14-FTP_Server.html#secure
as far as connecting to the ftps server you will need to specify what kind of encryption you using Implicit SSL, Explicit SSL (Auth SSL), or Explicit TLS (Auth TLS).
I am not sure you can do that in a browser and I am also not sure how to do that in the terminal. I would think using an FTP client would be the easiest thing.
So let's say your using FTPS, which you have to be if your either using a browser or the ftp command. The server needs to be properly configured for FTPS, which I have always found to be a pain. Here is all the information you will ever need to set up ftps on vsftpd....
http://www.brennan.id.au/14-FTP_Server.html
and here is the information on setting up SSL on vsftpd
http://www.brennan.id.au/14-FTP_Server.html#secure
as far as connecting to the ftps server you will need to specify what kind of encryption you using Implicit SSL, Explicit SSL (Auth SSL), or Explicit TLS (Auth TLS).
I am not sure you can do that in a browser and I am also not sure how to do that in the terminal. I would think using an FTP client would be the easiest thing.
Most browsers do not support secure FTP connections. You will need an actual FTP client for that. You should be able to do it with the FireFTP plug-in for firefox though. https://addons.mozilla.org/en-US/firefox/addon/684
Savone: If you look at the timestamp, it was a whole 2 minutes after you posted... I was still writing at the time you posted and did not see it.
Savone: If you look at the timestamp, it was a whole 2 minutes after you posted... I was still writing at the time you posted and did not see it.
ASKER
I have configured SSL on the vsftpd server, how can i connect to ther server from client? is it ftp://ipaddress or ftps://ipaddress.
with ftp://ipaddress, I get the following error:
530 Non-anonymous sessions must use encryption
and ftps://ipaddress give the following error:
Firefox doesn't know how to open this address, because the protocol (ftps) isn't associated with any program
what could be wrong, if it is from client side, do i need to install anything on windows explorer?
with ftp://ipaddress, I get the following error:
530 Non-anonymous sessions must use encryption
and ftps://ipaddress give the following error:
Firefox doesn't know how to open this address, because the protocol (ftps) isn't associated with any program
what could be wrong, if it is from client side, do i need to install anything on windows explorer?
ASKER
thanks,
ASKER
if I want all users to be able to access single directory and stop them from browsing i have to change the following setting under /var/vsftpd/vsftpd.conf
chroot_local_user=YES.