• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 479
  • Last Modified:

SFTP with Chrooting and without SSH and SCP

We would like to to create a sftp user which
1)Should not able to ssh, scp or telnet to the server .
2)Should able to do only sftp to the server .
3) Should not able to run "df" command
4) Should be restricted within the home directory . it should not able to go beyond the home directory .

Our Approach
 ----------------------

 We ve installed openssh & rssh . Now we are able to meet the above 3 requirements .
 For the fourth one we tried with chroot concept . We ve gone throught the steps given in following links & even few more also .

 http://www.c2group.net/howtos/chroot.html
 http://freshmeat.net/articles/view/1576/
 http://gentoo-wiki.com/HOWTO_SFTP_Server_(chrooted,_without_shell)

 Now if we do sftp are getting connection closed error . But if we remove the chroot sftp is working fine .

 Need your help in this regards . Thanx in advance .
0
raghuni
Asked:
raghuni
4 Solutions
 
xDamoxCommented:
0
 
canaliCommented:
I'm using a charooted ssh in several servers:
http://chrootssh.sourceforge.net/
for building the chroot enviroment I'm using a modified version of this script:
http://www.brandonhutchinson.com/chroot_ssh.html
if u find problem
http://chrootssh.sourceforge.net/docs/faq.html#nologin


for only sftp scp users
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server

Gas
0
 
nociSoftware EngineerCommented:
also there is the scponly product for marshaling ssh services:

http://www.sublimation.org/scponly/

0
 
kblack05Commented:
Sounds like you should check out Xen or other Virtual Machines. You have control over all these aspects and more, as well as being able to move the system while it's being utilized, etc..

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

Highest regards,

~K Black
0
 
canaliCommented:
why if u need a jail (I think is a little room without windows, with few things) you want to build a prison (also with a big garden)
=> xen is too much ... :)
Gas

0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now