On 9/18/06, Francois Visconte <[EMAIL PROTECTED]> wrote:
Hello,

You can create a chrooted environment for another ssh server:
1/ ldd sshd and sftp-server binaries and copy dependencies
2/ copy /etc/{group,hosts,passwd,protocols,pwd.db,resolv.conf,services,ttys} and /bin/{cat,pwd,rm,sh} into your chroot
3/ modify /etc/ files to change users groups ...
3bis/ run pwd_mkdb(8) with appropriate options to regenerate password db into your chrooted env
4/ create devices /dev/{log,null,random,...} in your chrooted env
5/ configure your ssh server to listen on another port than 22 if there is already one on this machine
6/ put "chroot /my_chroot /usr/sbin/sshd" in your rc.local
7/ make a script to apply userland upgrades to your chroot env

For each user ? Noo it's not for me.
...Or.... You can create a systrace policy for a sshd instance dedicated to sftp service

This seems to be a better way.
Whatever, it will be nice to have builtin chroot in sftp-server. Such as in ftpd.
But I suppose it's technically impossible.

Thanks for help
Bambero

Cheers,
François Visconte

Bambero wrote:
> Seems to work fine but it's still not chrooted environment. Users have
> access to a whole system.
>
> On 9/18/06, Francois Visconte <[EMAIL PROTECTED]> wrote:
>
>> Hello,
>> Try changing sftp-only user's shell to /usr/libexec/sftp-server
>>
>> Cheers,
>> François Visconte
>>
>> Bambero wrote:
>>
>> > Hello
>> >
>> > Is there any good way to setup chrooted sftp-server without shell
>> > access ?
>> >
>> > I tried scponly but it's not secure enough (I heard), there is no port
>> > for openbsd,
>> > and I had problems to set it up.
>> >
>> > Second way is rssh, but compilation fails because of worexp.
>> >
>> > Now I'm using ftpd but I want to change it because of text/plain
>> > passwords.
>> >
>> > Any suggestions ?
>> >
>> > Bambero
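
The numbered chroot steps quoted in this message can be checked after the fact with a small audit script. This is an added example, not code from the thread: it only tests for the paths the steps name, and the function name `audit_sftp_chroot` and the `PROBLEM` output format are assumptions.

```shell
#!/bin/sh
# Audit a chroot tree against the file list in the quoted steps.
# Prints one "PROBLEM <path> (<reason>)" line per finding; returns 1 if any.
audit_sftp_chroot() {
    root=$1
    rc=0
    fail() { echo "PROBLEM $1 ($2)"; rc=1; }

    # Steps 1 and 6: the binaries the chrooted daemon runs.
    for f in /usr/sbin/sshd /usr/libexec/sftp-server; do
        [ -x "$root$f" ] || fail "$f" "not executable"
    done
    # Step 2: files copied from /etc must exist and be non-empty.
    for f in group hosts passwd protocols pwd.db resolv.conf services ttys; do
        [ -s "$root/etc/$f" ] || fail "/etc/$f" "absent or empty"
    done
    # Step 3: the chroot passwd should have been edited, not left as the
    # host's copy, which would expose every host account name inside the jail.
    if cmp -s /etc/passwd "$root/etc/passwd"; then
        fail /etc/passwd "identical to host copy"
    fi
    # Step 2: helper binaries.
    for f in cat pwd rm sh; do
        [ -x "$root/bin/$f" ] || fail "/bin/$f" "not executable"
    done
    # Step 4: device nodes must be real devices, not plain files.
    for f in null random; do
        [ -c "$root/dev/$f" ] || fail "/dev/$f" "not a character device"
    done
    [ -S "$root/dev/log" ] || fail "/dev/log" "not a socket"
    return $rc
}

# Run against a directory given on the command line, e.g. /my_chroot.
if [ $# -gt 0 ]; then
    audit_sftp_chroot "$1"
fi
```
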

