Solved

SFTP with Chrooting and without SSH and SCP

Posted on 2006-07-07
7
471 Views
Last Modified: 2011-09-20
We would like to to create a sftp user which
1)Should not able to ssh, scp or telnet to the server .
2)Should able to do only sftp to the server .
3) Should not able to run "df" command
4) Should be restricted within the home directory . it should not able to go beyond the home directory .

Our Approach
 ----------------------

 We ve installed openssh & rssh . Now we are able to meet the above 3 requirements .
 For the fourth one we tried with chroot concept . We ve gone throught the steps given in following links & even few more also .

 http://www.c2group.net/howtos/chroot.html
 http://freshmeat.net/articles/view/1576/
 http://gentoo-wiki.com/HOWTO_SFTP_Server_(chrooted,_without_shell)

 Now if we do sftp are getting connection closed error . But if we remove the chroot sftp is working fine .

 Need your help in this regards . Thanx in advance .
0
Comment
Question by:raghuni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 16

Accepted Solution

by:
xDamox earned 32 total points
ID: 17071910
0
 
LVL 14

Assisted Solution

by:canali
canali earned 31 total points
ID: 17085729
I'm using a charooted ssh in several servers:
http://chrootssh.sourceforge.net/
for building the chroot enviroment I'm using a modified version of this script:
http://www.brandonhutchinson.com/chroot_ssh.html
if u find problem
http://chrootssh.sourceforge.net/docs/faq.html#nologin


for only sftp scp users
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server

Gas
0
 
LVL 40

Assisted Solution

by:noci
noci earned 31 total points
ID: 17121553
also there is the scponly product for marshaling ssh services:

http://www.sublimation.org/scponly/

0
 
LVL 11

Assisted Solution

by:kblack05
kblack05 earned 31 total points
ID: 17150407
Sounds like you should check out Xen or other Virtual Machines. You have control over all these aspects and more, as well as being able to move the system while it's being utilized, etc..

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

Highest regards,

~K Black
0
 
LVL 14

Expert Comment

by:canali
ID: 17150515
why if u need a jail (I think is a little room without windows, with few things) you want to build a prison (also with a big garden)
=> xen is too much ... :)
Gas

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Fine Tune your automatic Updates for Ubuntu / Debian
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question