Solved

SFTP with Chrooting and without SSH and SCP

Posted on 2006-07-07
Last Modified: 2011-09-20
We would like to create an sftp user which:
1) Should not be able to ssh, scp or telnet to the server.
2) Should be able to do only sftp to the server.
3) Should not be able to run the "df" command.
4) Should be restricted within the home directory. It should not be able to go beyond the home directory.

Our Approach
----------------------

We've installed openssh & rssh. Now we are able to meet the above 3 requirements.
For the fourth one we tried the chroot concept. We've gone through the steps given in the following links and a few more as well.

 http://www.c2group.net/howtos/chroot.html
 http://freshmeat.net/articles/view/1576/
 http://gentoo-wiki.com/HOWTO_SFTP_Server_(chrooted,_without_shell)

Now if we do sftp we are getting a connection closed error. But if we remove the chroot, sftp is working fine.

Need your help in this regard. Thanks in advance.
Question by:raghuni
7 Comments
 
Accepted Solution

by:xDamox
xDamox earned 32 total points
ID: 17071910
Assisted Solution

by:canali
canali earned 31 total points
ID: 17085729
I'm using a chrooted ssh on several servers:
http://chrootssh.sourceforge.net/
For building the chroot environment I'm using a modified version of this script:
http://www.brandonhutchinson.com/chroot_ssh.html
If you find a problem:
http://chrootssh.sourceforge.net/docs/faq.html#nologin


For only sftp scp users:
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server

Gas
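
An added example, not part of the post above or of the chrootssh project's code: the chrootssh patch chroots a user to the part of the home field before "/./", so a passwd entry can be audited for that marker and for a non-interactive shell. The names `audit_line` and `audit` are hypothetical, the second and third sample entries are constructed, and accepting only `/usr/lib/sftp-server` as the shell is an assumption taken from the quoted entry.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# First line is the entry quoted in the post; the other two are constructed.
SAMPLE_PASSWD = """\
sftponly:x:20000:20000:only sftp  user:/home/./sftponly:/usr/lib/sftp-server
alice:x:1001:1001:Alice:/home/alice:/bin/bash
upload:x:20001:20000:upload user:/home/./upload:/bin/bash
"""

CHROOT_MARKER = "/./"                   # chrootssh: chroot to what precedes this
SFTP_SHELLS = {"/usr/lib/sftp-server"}  # assumption: path from the quoted entry


@dataclass
class Entry:
    user: str
    chroot_dir: Optional[str]    # None when the home field has no marker
    home_in_jail: Optional[str]  # home directory as seen after the chroot
    shell: str
    findings: List[str] = field(default_factory=list)


def audit_line(line: str) -> Entry:
    """Split one passwd(5) line and report why it may not be sftp-only."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields: %r" % line)
    user, home, shell = fields[0], fields[5], fields[6]
    findings = []
    if CHROOT_MARKER in home:
        chroot_dir, rest = home.split(CHROOT_MARKER, 1)
        home_in_jail = "/" + rest
    else:
        chroot_dir = home_in_jail = None
        findings.append("home has no /./ marker: account is not chrooted")
    if shell not in SFTP_SHELLS:
        findings.append("login shell %s is not the sftp-server binary" % shell)
    return Entry(user, chroot_dir, home_in_jail, shell, findings)


def audit(passwd_text: str) -> List[Entry]:
    """Audit every non-empty, non-comment line of a passwd file's text."""
    return [audit_line(l) for l in passwd_text.splitlines()
            if l.strip() and not l.startswith("#")]


if __name__ == "__main__":
    for e in audit(SAMPLE_PASSWD):
        print(e.user, e.chroot_dir, e.home_in_jail, e.findings or "ok")
```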
Assisted Solution

by:noci
noci earned 31 total points
ID: 17121553
Also, there is the scponly product for marshaling ssh services:

http://www.sublimation.org/scponly/

Assisted Solution

by:kblack05
kblack05 earned 31 total points
ID: 17150407
Sounds like you should check out Xen or other Virtual Machines. You have control over all these aspects and more, as well as being able to move the system while it's being utilized, etc.

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

Highest regards,

~K Black
Expert Comment

by:canali
ID: 17150515
Why, if you need a jail (I think it is a little room without windows, with few things), do you want to build a prison (also with a big garden)?
=> Xen is too much ... :)
Gas
