RE: [opensuse] sftp, howto chroot users to their home directories
On Thu, Aug 28, 2008 at 1:14 PM, James D. Parra <Jamesp@musicreports.com> wrote:
Hello,
I set up secure ftp by editing sshd_config and tried using 'sftp' to log in, but found that I am not locked into my home dir. How can I chroot users into their home dir's sftp or an sftp client? On another note, is there an sftp server that folks recommend?
Thank you,
Sftp is an ssh connection. Once they have ssh connection they can access anything that they could access if they were signed in locally. They can download anything they can see. So you have to manage it with permissions.

However, it sounds to me like you are up the wrong tree barking. If you want FTP use FTP. You actually have more control with a typical ftp server. If you wouldn't trust them to ssh into your server you shouldn't allow them to sftp into the server.

~~~~~~~~~~~~~~~~~~~~

I wouldn't agree with that. Outside clients want the security of sftp and I would want them locked into their home directory without the ability of 'cd'ing up the dir tree and into other client's home directories. Simple ftp does not offer a secure connection.

There must be a way to accomplish this.

Best,
~James
James D. Parra wrote:
I wouldn't agree with that. Outside clients want the security of sftp and I would want them locked into their home directory without the ability of 'cd'ing up the dir tree and into other client's home directories. Simple ftp does not offer a secure connection.
There must be a way to accomplish this.
Try setting their user to use rbash as their shell instead of bash. That should do what you want.
On Thu, Aug 28, 2008 at 5:27 PM, James D. Parra <Jamesp@musicreports.com> wrote:
Outside clients want the security of sftp and I would want them locked into their home directory without the ability of 'cd'ing up the dir tree and into other client's home directories.
Why would they have that ability to cd into other people's directories? If the machine is set up correctly they can't see other people's directories.

You seem to be lobbying for a daemon to do the administrator's job of properly setting directory permissions. If the machine is set up insecurely, adding another kludge on top of that is just wrong. Use the tools at hand before you ask for new ones.

--
----------JSA---------
Someone stole my tag line, so now I have this rental.
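A way to check the point argued in the message above, that directory permissions decide whether one account can see into another's home (added example, not part of the original thread). The function names, the `/home` default, the use of GNU `stat`, and counting group bits as exposure because accounts may share a primary group are assumptions.

```shell
#!/bin/sh
# Render one octal permission digit as an rwx triple.
bits() {
    d=$1; r=-; w=-; x=-
    [ $((d & 4)) -ne 0 ] && r=r
    [ $((d & 2)) -ne 0 ] && w=w
    [ $((d & 1)) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# audit_homes [BASE]: list every directory directly under BASE (assumed
# default: /home) whose mode grants anything to group or other.
# On a directory: r = list file names, x = enter it, w = create/delete.
# Returns 1 if at least one exposed directory was found, 0 otherwise.
audit_homes() {
    base=${1:-/home}
    found=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        dir=${dir%/}
        [ -L "$dir" ] && continue            # do not follow symlinked homes
        mode=$(stat -c '%a' "$dir") || continue   # GNU stat, e.g. 755
        other=$((mode % 10))                 # last octal digit
        group=$((mode / 10 % 10))            # second-to-last octal digit
        [ $((group + other)) -eq 0 ] && continue  # 700-style: private
        printf '%s %s group:%s other:%s\n' \
            "$mode" "$dir" "$(bits "$group")" "$(bits "$other")"
        found=1
    done
    return "$found"
}

# Usage: audit_homes /home
```

A directory reported here can be closed off with `chmod 700`; the script only reports and changes nothing.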
participants (3): James D. Parra, Joe Morris, John Andersen