On 9/18/06, Francois Visconte <[EMAIL PROTECTED]> wrote:
Hello,
You can create a chrooted environment for another ssh server:
1/ ldd sshd and sftp-server binaries and copy dependencies
2/ copy
/etc/{group,hosts,passwd,protocols,pwd.db,resolv.conf,services,ttys} and
/bin/{cat,pwd,rm,sh} into your chroot
3/ modify /etc/ files to change users groups ...
3bis/ run pwd_mkdb(8) with appropriate options to regenerate password
db into your chrooted env
4/ create devices /dev/{log,null,random,...} in your chrooted env
5/ configure your ssh server to listen on another port than 22 if there
is already one on this machine
6/ put "chroot /my_chroot /usr/sbin/sshd" in your rc.local
7/ make a script to apply userland upgrades to your chroot env
For each user ? Noo it's not for me.
...Or....
You can create a systrace policy for a sshd instance dedicated to sftp
service
This seems to be a better way.
Whatever, it will be nice to have builtin chroot in sftp-server. Such
in ftpd. But I suppose it's technically impossible.
Thanks for help
Bambero
Cheers,
Francois Visconte
Bambero wrote:
> Seems to work fine but it's still not chrooted environment. Users have
> access to a whole system.
>
> On 9/18/06, Francois Visconte <[EMAIL PROTECTED]> wrote:
>
>> Hello,
>> Try changing sftp-only user's shell to /usr/libexec/sftp-server
>>
>> Cheers,
>> Francois Visconte
>>
>> Bambero wrote:
>>
>> > Hello
>> >
>> > Is there any good way to setup chrooted sftp-server without shell
>> > access ?
>> >
>> > I tried scponly but it's not secure enough (I heard), there is no port
>> > for openbsd,
>> > and I had problems to set it up.
>> >
>> > Second way is rssh, but compilation fails because of wordexp.
>> >
>> > Now I'm using ftpd but I want to change it because of text/plain
>> > passwords.
>> >
>> > Any suggestions ?
>> >
>> > Bambero
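
Steps 1 and 7 of the chroot procedure quoted in this thread (copy the ldd dependencies, then keep the chroot in step with userland upgrades) can be scripted. The following is an added example, not code from any poster in the thread; the function names are hypothetical and /my_chroot is the path used in step 6.

```sh
#!/bin/sh
# Added example (not from the thread): fill a chroot with binaries plus the
# shared libraries ldd reports, then check that nothing is missing.
# Function names are hypothetical; /my_chroot is the path used in step 6.

# Print each absolute path found in ldd output on stdin. Handles the OpenBSD
# table layout and the Linux "name => /path (addr)" layout; the "binary:"
# header line is skipped because it ends in a colon.
lib_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\// && $i !~ /:$/) print $i }' | sort -u
}

# Copy file $2 into chroot $1 under the same absolute path, keeping its mode.
copy_into() {
    mkdir -p "$1$(dirname "$2")" && cp -p "$2" "$1$2"
}

# populate_chroot ROOT BINARY...  (step 1; rerun after upgrades for step 7)
populate_chroot() {
    pc_root=$1; shift
    for pc_bin in "$@"; do
        copy_into "$pc_root" "$pc_bin" || return 1
        for pc_lib in $(ldd "$pc_bin" 2>/dev/null | lib_paths); do
            if [ -f "$pc_lib" ]; then
                copy_into "$pc_root" "$pc_lib" || return 1
            fi
        done
    done
}

# missing_libs ROOT BINARY...  prints every library ldd reports for the host
# binaries that is absent from the chroot; empty output means complete.
missing_libs() {
    ml_root=$1; shift
    for ml_bin in "$@"; do
        for ml_lib in $(ldd "$ml_bin" 2>/dev/null | lib_paths); do
            [ -e "$ml_root$ml_lib" ] || echo "$ml_lib"
        done
    done
}

# Run only when called with arguments, e.g.:
#   sh populate.sh /my_chroot /usr/sbin/sshd /usr/libexec/sftp-server /bin/sh
if [ "$#" -ge 2 ]; then
    populate_chroot "$@" && missing_libs "$@"
fi
```

Running missing_libs again after a system upgrade shows which libraries the chroot copy has fallen behind on.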