Hello Rico, Friday, April 27, 2007, 2:25:59 PM, you wrote:
>> I don't know if it is a good idea or not, but I read about >> this patch yesterday and at first, I was pretty excited. I >> have been handed the requirement to move an FTP server to >> "something" more secure. All the other requirements that >> have been given to me for this have very strongly pointed >> right to SSH/SFTP. However, I have yet to figure out how >> to chroot users into their home folders with SFTP and that >> is unfortuneately what the boss wants. If someone knows >> how to do this without patches like these Please let me >> know. Otherwise, I will have to keep looking. I certianly >> know enough from lurking on this list to know that if there >> are this many people on the list opposed to something there >> has got to be something wrong with it and I don't want it. >> >> No patch for me please! We are using the chrootssh.sourceforge.net for our production ftp/sftp server. For an additional security we set sftp users shell to /usr/libexec/openssh/sftp-server. I consider that patch as "semi-official". But it sounds like you don't want *any* patches. You can use a commercial ssh - they have chroot feature (similar to the chrootssh). You can also use ftp over ssh2 (we also use it). ssh does encryption and authentication, ftp - speed (it's faster than sftp) and chroot. You'll just need to set up ssh to listen out and ftp - on the localhost only. Downside is that I haven't heard about free client supporting it. But if you can afford to buy something like www.vandyke.com/products/securefx/index.html for every user (or force them to buy it) - this solution is for you. -- Best regards, Boris mailto:[EMAIL PROTECTED]
