Hi!
On Thu, 21 Oct 2004 11:30:07 -0400, suse@rio.vg
You probably want scponly w/chroot enabled. A type of shell that only allows sftp/scp access. chroot means that the person's home directory will become their root directory, so they can't get outside it.
Thanks. I thought chroot meant setting up a some kind of "virtual" server within another server. I didn't know users can be chrooted. Again, I'm worried about how such a shell would work when the user logs in from the console (at home)? Or do I have to set up 2 accounts for each? That would really make a mess of the file permissions...?
This looks interesting and much cleaner than the chrooted OpenSSH system (which really sounds like a bubblegum patching... is this really something that can not be done with the OpenSSH? How do corporations for example provide SCP/SFTP-file sharing to their customers? Do they use windows or do they just trust the customers to not go knocking around? Or do they all just apply these patches and hope that they can keep up with updates (as YOU probably doesn't handle this kind of stuff... ) I thought this would be the most used configuration for SCP/SFTP and I thought I was just blind to see some obvious switch somewhere... sigh. I guess Linux isn't that safe operating system after all... one really needs to know and be active (=spend lot's of time to get the basic stuff working) to get it safe. Or buy the stuff from SSH. -- HG