Solved

SFTP with Chrooting and without SSH and SCP

Posted on 2006-07-07
Last Modified: 2011-09-20
We would like to create an SFTP user which:
1) Should not be able to ssh, scp or telnet to the server.
2) Should be able to do only sftp to the server.
3) Should not be able to run the "df" command.
4) Should be restricted within the home directory. It should not be able to go beyond the home directory.

Our Approach
 ----------------------

 We've installed openssh & rssh. Now we are able to meet the above 3 requirements.
 For the fourth one we tried the chroot concept. We've gone through the steps given in the following links, and a few more as well.

 http://www.c2group.net/howtos/chroot.html
 http://freshmeat.net/articles/view/1576/
 http://gentoo-wiki.com/HOWTO_SFTP_Server_(chrooted,_without_shell)

 Now if we do sftp we are getting a connection closed error. But if we remove the chroot, sftp works fine.

 Need your help in this regard. Thanks in advance.
Question by:raghuni
7 Comments
 
LVL 16

Accepted Solution

by:
xDamox earned 32 total points
ID: 17071910
0
 
LVL 14

Assisted Solution

by:canali
canali earned 31 total points
ID: 17085729
I'm using a chrooted ssh on several servers:
http://chrootssh.sourceforge.net/
For building the chroot environment I'm using a modified version of this script:
http://www.brandonhutchinson.com/chroot_ssh.html
If you find a problem:
http://chrootssh.sourceforge.net/docs/faq.html#nologin


For only sftp scp users:
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server

Gas
0
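An added example, not part of canali's post or of the chrootssh project: a shell check for a passwd entry like the one above, assuming the chrootssh convention that the home path up to "/./" is the jail root and that the login shell is then looked up inside that jail. The function names and the staging-prefix argument are hypothetical, and the directory tree in the demo is constructed.

```shell
#!/bin/sh
# Audit a chrootssh-style passwd entry: "/./" in the home field marks the jail root.

# split_home HOME -> prints "<jail_root> <home_inside_jail>"; fails if no "/./" marker.
split_home() {
    case "$1" in
        */./*) printf '%s %s\n' "${1%%/./*}" "/${1#*/./}" ;;
        *)     return 1 ;;
    esac
}

# check_entry PASSWD_LINE [PREFIX]
# PREFIX (hypothetical helper argument) is prepended to the jail root so the
# check can run against a staged copy of the tree instead of the live system.
# Prints one finding per line; returns 0 only when nothing is missing.
check_entry() {
    line=$1 prefix=${2:-}
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    parts=$(split_home "$home") || { echo "NOJAIL: home has no /./ marker"; return 2; }
    jail=$prefix${parts%% *}
    inner=${parts#* }
    rc=0
    [ -d "$jail" ] || { echo "MISSING jail root: $jail"; return 1; }
    # After the chroot, the home directory and the shell are resolved inside the jail.
    [ -d "$jail$inner" ] || { echo "MISSING home in jail: $jail$inner"; rc=1; }
    [ -x "$jail$shell" ] || { echo "MISSING shell in jail: $jail$shell"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $jail"
    return $rc
}

# Demo on a constructed staging tree (not a real server layout).
ENTRY='sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server'
STAGE=$(mktemp -d)
mkdir -p "$STAGE/home/sftponly"
check_entry "$ENTRY" "$STAGE" || true          # shell not yet copied into the jail
mkdir -p "$STAGE/home/usr/lib"
printf '#!/bin/sh\n' > "$STAGE/home/usr/lib/sftp-server"   # stand-in for the real binary
chmod +x "$STAGE/home/usr/lib/sftp-server"
check_entry "$ENTRY" "$STAGE"                  # now reports OK
rm -rf "$STAGE"
```

The check covers only the two paths named in the passwd entry; a dynamically linked sftp-server also needs its shared libraries present inside the jail.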
 
LVL 40

Assisted Solution

by:noci
noci earned 31 total points
ID: 17121553
Also there is the scponly product for marshaling ssh services:

http://www.sublimation.org/scponly/

0
 
LVL 11

Assisted Solution

by:kblack05
kblack05 earned 31 total points
ID: 17150407
Sounds like you should check out Xen or other Virtual Machines. You have control over all these aspects and more, as well as being able to move the system while it's being utilized, etc.

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

Highest regards,

~K Black
0
 
LVL 14

Expert Comment

by:canali
ID: 17150515
Why, if you need a jail (I think it is a little room without windows, with few things), do you want to build a prison (also with a big garden)?
=> Xen is too much ... :)
Gas

0
