SFTP with Chrooting and without SSH and SCP

Posted on 2006-07-07
Last Modified: 2011-09-20
We would like to create an sftp user which:
1) Should not be able to ssh, scp or telnet to the server.
2) Should be able to do only sftp to the server.
3) Should not be able to run the "df" command.
4) Should be restricted within the home directory. It should not be able to go beyond the home directory.

Our Approach
----------------------

We've installed openssh & rssh. Now we are able to meet the above 3 requirements.
For the fourth one we tried the chroot concept. We've gone through the steps given in the following links, and a few more as well.

http://www.c2group.net/howtos/chroot.html
http://freshmeat.net/articles/view/1576/
http://gentoo-wiki.com/HOWTO_SFTP_Server_(chrooted,_without_shell)

Now if we do sftp we are getting a connection closed error. But if we remove the chroot, sftp is working fine.

Need your help in this regard. Thanks in advance.

Question by: raghuni

Accepted Solution
by: xDamox (earned 128 total points)
ID: 17071910
 
Assisted Solution
by: canali (earned 124 total points)
ID: 17085729
I'm using a chrooted ssh on several servers:
http://chrootssh.sourceforge.net/
For building the chroot environment I'm using a modified version of this script:
http://www.brandonhutchinson.com/chroot_ssh.html
If you find a problem:
http://chrootssh.sourceforge.net/docs/faq.html#nologin

For only sftp scp users:
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server

Gas
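
The passwd entry in the post above puts a "/./" marker in the home directory field. As an added example (not part of the original post and not chrootssh project code), the Python below assumes the chrootssh convention that sshd chroots to the path before the marker and then resolves the home directory and login shell inside that jail, and it audits entries for a shell or home that is missing there. The function names, the `upload` account and the temporary directory tree are constructed for illustration.

```python
import os
import tempfile

MARKER = "/./"  # assumed chrootssh convention: jail root is the text before it
# Constructed sample: the sftponly line is the entry from the post, the rest are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server
upload:x:20001:20000:constructed entry:/home/./upload:/bin/bash
"""

def parse_entry(line):
    """Return jail details for one passwd line, or None if it has no /./ marker."""
    fields = line.strip().split(":")
    if len(fields) != 7 or MARKER not in fields[5]:
        return None
    jail, _, inner = fields[5].partition(MARKER)
    return {"user": fields[0], "jail": jail or "/",
            "home_in_jail": "/" + inner, "shell": fields[6]}

def under(root, path):
    return os.path.join(root, path.lstrip("/"))  # map an absolute path below root

def audit(passwd_text, fs_root="/"):
    """Return {user: [findings]} for every account that uses the marker."""
    report = {}
    for entry in filter(None, map(parse_entry, passwd_text.splitlines())):
        jail = under(fs_root, entry["jail"])
        findings = []
        if os.path.basename(entry["shell"]) != "sftp-server":
            findings.append("shell is not sftp-server")
        # After chroot() the shell path is looked up inside the jail.
        if not os.path.isfile(under(jail, entry["shell"])):
            findings.append("shell missing inside jail")
        if not os.path.isdir(under(jail, entry["home_in_jail"])):
            findings.append("home missing inside jail")
        report[entry["user"]] = findings
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:  # throwaway tree, one good jail
        os.makedirs(os.path.join(root, "home/usr/lib"))
        os.makedirs(os.path.join(root, "home/sftponly"))
        open(os.path.join(root, "home/usr/lib/sftp-server"), "w").close()
        return audit(SAMPLE_PASSWD, fs_root=root)

if __name__ == "__main__":
    for user, findings in demo().items():
        print(user, findings or "ok")
```

On a real host, call `audit(open("/etc/passwd").read())` with the default `fs_root`; an empty findings list means the entry's shell and home both exist inside the jail.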

Assisted Solution
by: noci (earned 124 total points)
ID: 17121553
Also, there is the scponly product for marshaling ssh services:

http://www.sublimation.org/scponly/

Assisted Solution
by: kblack05 (earned 124 total points)
ID: 17150407
Sounds like you should check out Xen or other Virtual Machines. You have control over all these aspects and more, as well as being able to move the system while it's being utilized, etc.

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

Highest regards,

~K Black

Expert Comment
by: canali
ID: 17150515
Why, if you need a jail (I think it is a little room without windows, with few things), do you want to build a prison (also with a big garden)?
=> Xen is too much ... :)
Gas
