On Mon, Mar 1, 2010 at 5:27 PM, Glenn Cogle <gco...@gmail.com> wrote:
> My server is debian 3.1, openssh 3.8.1p1 & vsftpd 2.0.3 - not exactly
> cutting edge, but it works.
>
> (4) build a new server with later OS + ssh

Well, a Debian 3.1 server is very old. Debian have just dropped security support for 4. I'd recommend an upgrade on general principles.

Also, do your file-transferring users have to be real system users in any other sense? If the only reason they have a 'home' directory is to transfer files into, that's a lot you don't have to worry about. Give them rssh and restrict them to sftp ...

passwd:

    username:x:1005:33:SFTP access to username:/SFTP-CHROOTusername:/usr/bin/rssh

Files:

    drwxr-xr-x 2 root     root 4096 2006-10-28 03:39 etc
    drwxr-xr-x 4 username root 4096 2006-11-06 09:22 website
    drwxr-xr-x 2 root     root 4096 2006-11-06 09:12 lib
    drwxr-xr-x 4 root     root 4096 2006-11-06 08:19 usr

    $ tree etc lib usr
    etc
    `-- passwd
    lib
    |-- ld-2.3.6.so
    |-- ld-linux.so.2 -> ld-2.3.6.so
    |-- libc-2.3.6.so
    |-- libc.so.6 -> libc-2.3.6.so
    |-- libcom_err.so.2 -> libcom_err.so.2.1
    |-- libcom_err.so.2.1
    |-- libcrypt-2.3.6.so
    |-- libcrypt.so.1 -> libcrypt-2.3.6.so
    |-- libdl-2.3.6.so
    |-- libdl.so.2 -> libdl-2.3.6.so
    |-- libnsl-2.3.6.so
    |-- libnsl.so.1 -> libnsl-2.3.6.so
    |-- libresolv-2.3.6.so
    |-- libresolv.so.2 -> libresolv-2.3.6.so
    |-- libselinux.so.1
    |-- libsepol.so.1
    |-- libutil-2.3.6.so
    `-- libutil.so.1 -> libutil-2.3.6.so
    usr
    |-- bin
    |   `-- rssh
    `-- lib
        |-- i686
        |   `-- cmov
        |       `-- libcrypto.so.0.9.8
        |-- libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
        |-- libgssapi_krb5.so.2.2
        |-- libk5crypto.so.3 -> libk5crypto.so.3.0
        |-- libk5crypto.so.3.0
        |-- libkrb5.so.3 -> libkrb5.so.3.2
        |-- libkrb5.so.3.2
        |-- libkrb5support.so.0 -> libkrb5support.so.0.0
        |-- libkrb5support.so.0.0
        |-- libz.so.1 -> libz.so.1.2.3
        |-- libz.so.1.2.3
        |-- openssh
        |   `-- sftp-server
        |-- rssh
        |   `-- rssh_chroot_helper
        `-- sftp-server -> openssh/sftp-server

You could hardlink the usr and lib directories from an sftp-chroot template, then just give each user a unique etc/passwd and you're on your way ...

-jim
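
The template-plus-unique-passwd layout from the message above, as an added example that is not part of the original post: a shell sketch that builds one user's chroot by hard-linking the template's files and writing a single-entry etc/passwd. The function names, argument order and the home path passed in are assumptions, and `cp -al` assumes GNU coreutils with template and chroot on the same filesystem.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, argument
# order and the sample values used to call them are assumptions.

# make_sftp_chroot TEMPLATE CHROOT USER UID GID HOME
# TEMPLATE holds the shared usr/ and lib/ trees; it must be on the same
# filesystem as CHROOT because hard links cannot cross filesystems.
make_sftp_chroot() {
    template=$1 chroot=$2 user=$3 uid=$4 gid=$5 home=$6

    if [ ! -d "$template/usr" ] || [ ! -d "$template/lib" ]; then
        echo "template needs usr/ and lib/" >&2; return 1
    fi
    if [ -e "$chroot" ]; then
        echo "$chroot already exists, refusing to touch it" >&2; return 1
    fi

    mkdir -p "$chroot/etc" "$chroot/website" || return 1

    # Directories cannot be hard-linked, so cp -al recreates each directory
    # and hard-links the files inside; symlinks stay symlinks.
    cp -al "$template/usr" "$chroot/usr" || return 1
    cp -al "$template/lib" "$chroot/lib" || return 1

    # The one per-user file: a passwd holding only this account.
    printf '%s:x:%s:%s:SFTP access to %s:%s:/usr/bin/rssh\n' \
        "$user" "$uid" "$gid" "$user" "$home" > "$chroot/etc/passwd" || return 1

    chmod 755 "$chroot" "$chroot/etc" "$chroot/website" || return 1
    chmod 644 "$chroot/etc/passwd"
}

# set_chroot_owners CHROOT UID   (run as root)
# Matches the listing in the post: everything root-owned except website/,
# so the user cannot replace the binaries or passwd inside the jail.
set_chroot_owners() {
    chown 0:0 "$1" "$1/etc" "$1/etc/passwd" "$1/usr" "$1/lib" || return 1
    chown "$2":0 "$1/website"
}
```

Because the files under usr/ and lib/ share inodes with the template, updating a library in place in the template updates every chroot at once; replacing a file with a new inode does not, so each chroot needs relinking after such an upgrade.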