Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5?
Thanks
On 9/5/07, Nigel Kendrick support-lists@petdoctors.co.uk wrote:
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5?
We use rssh (http://www.pizzashack.org/rssh/). Seems to work fine. Its a bit of setup, but not really that bad of one...james
On 9/5/07, Nigel Kendrick support-lists@petdoctors.co.uk wrote:
As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5?
You might want to check out 'scponly' which is available in the rpmforge repository -> http://dag.wieers.com/rpm/packages/scponly/
Nigel Kendrick wrote:
As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5?
Yeah, it's going to be a patch/hack until chroot is native to openssh which might never happen.
rssh and scponly are the two to look at (I use rssh).
If sftp is not a requirement, you should really look into ftp/tls aka ftps. You can use vsftpd and it natively does chroot and even virtual users. A simple config change to do tls and you get certificate-based security.
Also, nearly every Windows & Mac gui ftp client supports ftps for free or in their "basic" version (some clients require "pro" versions to get sftp capability).
johnn
-
James Olin Oden -
Jim Perrin -
Johnn Tan -
Nigel Kendrick