RE: [opensuse] sftp, howto chroot users to their home directories
If you want FTP use FTP. You actually have more control with a typical ftp server. If you wouldn't trust them to ssh into your server you shouldn't allow them to sftp into the server.
What? Of course you can chroot an sftp user, and of course you can make a user that can only sftp and nothing else, not even get a login via ssh. I've been doing so for years, and on several OSes, let alone Linux. It's merely easier with ftp since there are point and drool options right in yast.

I've been doing this: http://chrootssh.sourceforge.net/docs/chrootedsftp.html for years and years, on sco open server, linux, freebsd, solaris.

But today you don't even have to do that. Just get the latest openssh from source (which means probably updated versions of several libraries it depends on too) and use the new built-in ChrootDirectory feature.

I think there needs to be a new acronym RTFGR (... google results)

A reasonable question for here would have been: does anyone know of a pre-built opensuse rpm of openssh that's new enough to include the new feature, or does anyone have a simplified, opensuse specific recipe for updating openssh to the latest source version.

Google again tells you, in far less time and with far more authority than waiting for responses from a mail list, that opensuse 11.0 uses openssh 5.0 already, and so, no hackery required. Not only don't you need source, you don't even need to use a factory or build-service repo, just plain old stock opensuse 11.0.

Then if the regular docs aren't simple enough, this dude made a not exactly great, but simple and working recipe to follow here. Install opensuse 11.0, or at least the openssh from opensuse 11.0, then go here and skip to step 7: http://adamsworld.name/chrootjail5.php

Then run "rcsshd restart" before trying to test.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you, Brian. That was exactly what I was looking for; an out-the-box solution. I had found several sites referring to downloading the latest openssh, but I was hoping that there was an rpm package out there that I could try beforehand. Thanks for the instructions and I'll post my results.
Best, ~James
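Added example, not part of either poster's message or of the linked recipes: a small lint that reads sshd_config text and reports any block that sets the built-in ChrootDirectory option without also restricting the account to sftp. The sample config, the group name `sftponly` and the user name `backup` are constructed for illustration; `ChrootDirectory`, `ForceCommand internal-sftp`, `AllowTcpForwarding` and `Match` are standard sshd_config keywords.

```python
# Added example: lint sshd_config text for sftp-only chroot blocks.
# SAMPLE_CONFIG is constructed; group and user names are hypothetical.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no

Match User backup
    ChrootDirectory /srv/backup
"""


def parse_blocks(text):
    """Split config text into [(match_criteria, {keyword: value})].
    The first block (criteria None) holds the global section."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            blocks.append((value, {}))
        else:
            blocks[-1][1].setdefault(key, value)  # sshd keeps the first value
    return blocks


def lint_chroot(text):
    """Return one finding per weakness in each block that sets ChrootDirectory."""
    blocks = parse_blocks(text)
    global_opts = blocks[0][1]
    findings = []
    for criteria, opts in blocks:
        if opts.get("chrootdirectory", "none").lower() == "none":
            continue
        effective = {**global_opts, **opts}  # Match keywords override globals
        where = f"Match {criteria}" if criteria else "global section"
        if effective.get("forcecommand", "").split()[:1] != ["internal-sftp"]:
            findings.append(f"{where}: ForceCommand internal-sftp not set, account is not restricted to sftp")
        if effective.get("allowtcpforwarding", "yes").lower() != "no":
            findings.append(f"{where}: AllowTcpForwarding not disabled")
    return findings


if __name__ == "__main__":
    for finding in lint_chroot(SAMPLE_CONFIG):
        print(finding)
```

sshd additionally refuses a chroot whose path components are not root-owned or are writable by group or others, which this lint does not check because it only reads the config text.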