On Mon, 2010-03-01 at 17:27 +1300, Glenn Cogle wrote:
> I want to chroot my sftp users to their respective home directories,
> but apparently this isn't the default behaviour.
>
> My server is debian 3.1, openssh 3.8.1p1 & vsftpd 2.0.3 - not exactly
> cutting edge, but it works.
>
> Apparently (much) later implementations of OpenSSH (v4.9+) include
> facilities for chrooting sftp & ssh users.
>
> I suppose my choices are
>
> (1) hack existing ssh
> (2) devise some workaround - perhaps using permissions
> (3) upgrade ssh, and probably the OS as requirements dictate
> (4) build a new server with later OS + ssh
> (5) something else I haven't thought of yet
>
> Interested in comments from those who have been here.......
>
> GC

Having been there very recently (I now have chrooted sftp access working for virtualmin), I recommend just compiling up the latest openssh from source, and using the internal sftp server. I run the original on a non-standard port, and the latest on port 22, which is quite easy, as the config files are in a different place if you use defaults.

It is a bit of a PITA, as the root directory has to be owned by root, permissions 755, which means that everything has to be located in (pre-created) subdirectories, which means some work to /etc/skel. However, once up and running it's something you can just forget.

I would also recommend updating, as etch (4.0) was end of lifed a week ago!

hth,

Steve

-- 
Steve Holdoway <st...@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0
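The ownership rule described in the reply above can be checked before sshd is pointed at a directory. This is an added example, not part of the original message; it assumes GNU stat, and the function names and the TOP argument are hypothetical. It goes one step beyond the message by also checking the parent directories, since sshd applies the same root-owned, not group/other-writable rule to every component of the chroot path.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux).
# sshd rejects a ChrootDirectory unless every directory on the path is
# owned by root and not writable by group or others.

# check_dir DIR UID: succeed only if DIR is a directory owned by UID
# with no group/other write bit set.
check_dir() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$dir")    # owner uid, octal mode
    [ "$1" = "$want_uid" ] || { echo "FAIL $dir: owner uid $1, want $want_uid"; return 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] || { echo "FAIL $dir: mode $2 is group/other writable"; return 1; }
    echo "ok   $dir ($2)"
}

# audit_chroot PATH [UID] [TOP]: check PATH and each parent up to TOP.
# UID defaults to 0 (root) and TOP to /; the hypothetical TOP argument
# exists only so the check can be tried inside a scratch directory.
audit_chroot() {
    path=$1; want=${2:-0}; top=${3:-/}; rc=0
    case $path in /*) ;; *) echo "FAIL $path: need an absolute path"; return 2 ;; esac
    while :; do
        check_dir "$path" "$want" || rc=1
        if [ "$path" = "$top" ] || [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    return "$rc"
}

# Stand-alone use: sh audit_chroot.sh /home/someuser
if [ $# -gt 0 ]; then audit_chroot "$@"; fi
```

A user-writable subdirectory created inside the chroot (the pre-created directories the message mentions) is not covered by this check, because the rule applies only to the chroot path itself.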