Am 05.01.2012 um 16:37 schrieb Wolfgang Zenker: > Hi everyone, > > * Matthew Seaman <m.sea...@infracaninophile.co.uk> [120105 14:38]: >> On 05/01/2012 12:47, Karl Denninger wrote: >>> Not SFTP (which is supported by the sshd) but FTPS.... is it supported >>> by FreeBSD? > >> No, not supported in the base system. > >>> [..] >> However, personally, I'd avoid FTPS. It suffers from most of the design >> flaws of standard FTP[*], particularly as regards passing through >> firewalls. Worse, because the traffic is encrypted, you can't even use >> tools like ftp-proxy (in ports as ftp/ftp-proxy) to extract transient >> port numbers by deep packet inspection. As far as your users are >> concerned, just use SFTP. It behaves exactly like an ordinary FTP >> client, but the underlying SSH protocol over the network is way, way >> better designed. > > Well, the problem I have here is at the server side: ftp users can be > locked in a particular subtree of the file system by simply assigning > them a chrooted login class. No need to setup any infrastructure in > that subtree itself. Did not find out how to do this with sftp (we only > allow publickey authentication with ssh at our servers) > > Wolfgang
It is possible. See the chroot configuration in the man-page for sshd_config If you have a sufficiently complete chroot-environment, you can even do chroot'ed ssh login sessions. Rainer _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
