sftp allow servral user access single folder

I want to configure Sftp but allow only serveral people access just one folder. I don’t want them to be able to browse to root directory. Is that possible.
rawandnetAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

medveddCommented:
Install scponly:

http://www.sublimation.org/scponly/wiki/index.php/Main_Page

Create users accounts with scponly as shell and the same home directory for these users.
They will able to access only this home directory.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
savoneCommented:
Yes its called chroot jail...

http://www.google.com/#hl=en&q=chroot+jail+sftp+%2Bfedora&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=a2bb30ecf4f91972

There are plenty of links for how to do this on fedora/red hat... See link above.
0
rawandnetAuthor Commented:
I found some think,
if I want all users to be able to access single directory and stop them from browsing i have to change the following setting under /var/vsftpd/vsftpd.conf
chroot_local_user=YES.
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

savoneCommented:
That will work, it will jail them all in their home directories.  Setting chroot_local to yes and setting each user to have the same home directory (the directory you want them to access) will do what you want.
0
rawandnetAuthor Commented:
one more question,
I am using svfptd, this is the secure ftp is in it?
and i used the following to encrypt connections?ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

and using openssl to create vsftpd.pem file, does that makes it more secure?


0
savoneCommented:
Are you trying to use sftp or ftps?  

sftp = ftp based on ssh connections

ftps = ftp with ssl encryption

From your original question it sounded like you were using SFTP, which non of the options you talk about above are needed, nor do they make it any more secure.
0
JordanH155Commented:
Vsftp will be FTPS not sftp.  Sftp uses the SSH server, not the ftp server.

From http://en.wikipedia.org/wiki/FTPS

"FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from Secure FTP, the practice of tunneling FTP through an SSH connection."
0
savoneCommented:
JordanH155... Isnt that what I said?
0
rawandnetAuthor Commented:
Now I understand that SFTP uses SSH to connect to server through Terminal, but this can’t be used for browser connection.

I have to use vsftpd to connect through browser and terminal too.  To connect to server through browser I use ftp://192.168.1.1 and through terminal I use ftp user@192.168.1.1.  The question is that connection secure (encrypted), because I and still using ftp command? or i have to use SSL plugins?
0
savoneCommented:
Well neither of those commands (browser and terminal) are using SFTP.  It would be easier to help if we were clear on which technology you are using here.

So let's say your using FTPS, which you have to be if your either using a browser or the ftp command.  The server needs to be properly configured for FTPS, which I have always found to be a pain.  Here is all the information you will ever need to set up ftps on vsftpd....

http://www.brennan.id.au/14-FTP_Server.html

and here is the information on setting up SSL on vsftpd
http://www.brennan.id.au/14-FTP_Server.html#secure

as far as connecting to the ftps server you will need to specify what kind of encryption you using Implicit SSL, Explicit SSL (Auth SSL), or Explicit TLS (Auth TLS).

I am not sure you can do that in a browser and I am also not sure how to do that in the terminal.  I would think using an FTP client would be the easiest thing.
0
JordanH155Commented:
Most browsers do not support secure FTP connections.  You will need an actual FTP client for that.  You should be able to do it with the FireFTP plug-in for firefox though.  https://addons.mozilla.org/en-US/firefox/addon/684

Savone:  If you look at the timestamp, it was a whole 2 minutes after you posted...  I was still writing at the time you posted and did not see it.
0
rawandnetAuthor Commented:
I have configured SSL on the vsftpd server, how can i connect to ther server from client? is it ftp://ipaddress or ftps://ipaddress.

with ftp://ipaddress, I get the following error:
530 Non-anonymous sessions must use encryption

and ftps://ipaddress give the following error:
Firefox doesn't know how to open this address, because the protocol (ftps) isn't associated with any program

what could be wrong, if it is from client side, do i need to install anything on windows explorer?
0
rawandnetAuthor Commented:
thanks,
0
savoneCommented:
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.