Re: sftp virtual root directory
Have a look at the SSL/TLS module for ProFTPD: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html ProFTPD has a setting to set the default root. I use "DefaultRoot ~" to keep users inside their home directory. At 12:51 AM 12/29/2003, you wrote: Zitiere staf wagemakers <[EMAIL PROTECTED]>: > > Is there any way I can configure a virtual root via sftp (not scp, as > this > > requires interactive login capability (it does, doesn't it?)) so that > when > > they login with an sftp client, the sftp-server recognizes the > username/pass > > and directs them to their personal little piece of www-space? > > > > I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: > > OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, > OpenSSL > > 0x0090603f > > > > Take a look at scponly ( http://freshmeat.net/projects/scponly ), I > never used it myself, but it seems to be the missing piece of SSH. hi. as i have searched the web for a similar topic and have found nothing (yet), i'd like to add another question: "scponly" seems to be a simple shell-substitution. thus all users that are given /usr/bin/scponly as shell will have only very limited access to a server. (e.g: using "ssh") now, i want my users to use "ssh" for logging into my machines. "sftp" should be used as a replacement for "ftp". now i want all users of "sftp" to have a restricted access (to be precise: i want a root-jail like it is provided by (pro)ftp)) however, when a user is smart enough to now about the joys of "ssh", s/he should be able to login using the secure-shell, without any restrictions (provided by the shell; e.g: no root-jail should be made,...) is this possible ? probably with pam ? but i guess ssh and sftp appear to be the very same from the PAM-side. is this true ? mfg.ca.ats IOhannes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sftp virtual root directory
Have a look at the SSL/TLS module for ProFTPD: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html ProFTPD has a setting to set the default root. I use "DefaultRoot ~" to keep users inside their home directory. At 12:51 AM 12/29/2003, you wrote: Zitiere staf wagemakers <[EMAIL PROTECTED]>: > > Is there any way I can configure a virtual root via sftp (not scp, as > this > > requires interactive login capability (it does, doesn't it?)) so that > when > > they login with an sftp client, the sftp-server recognizes the > username/pass > > and directs them to their personal little piece of www-space? > > > > I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: > > OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, > OpenSSL > > 0x0090603f > > > > Take a look at scponly ( http://freshmeat.net/projects/scponly ), I > never used it myself, but it seems to be the missing piece of SSH. hi. as i have searched the web for a similar topic and have found nothing (yet), i'd like to add another question: "scponly" seems to be a simple shell-substitution. thus all users that are given /usr/bin/scponly as shell will have only very limited access to a server. (e.g: using "ssh") now, i want my users to use "ssh" for logging into my machines. "sftp" should be used as a replacement for "ftp". now i want all users of "sftp" to have a restricted access (to be precise: i want a root-jail like it is provided by (pro)ftp)) however, when a user is smart enough to now about the joys of "ssh", s/he should be able to login using the secure-shell, without any restrictions (provided by the shell; e.g: no root-jail should be made,...) is this possible ? probably with pam ? but i guess ssh and sftp appear to be the very same from the PAM-side. is this true ? mfg.ca.ats IOhannes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sftp virtual root directory
Zitiere staf wagemakers <[EMAIL PROTECTED]>: > > Is there any way I can configure a virtual root via sftp (not scp, as > this > > requires interactive login capability (it does, doesn't it?)) so that > when > > they login with an sftp client, the sftp-server recognizes the > username/pass > > and directs them to their personal little piece of www-space? > > > > I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: > > OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, > OpenSSL > > 0x0090603f > > > > Take a look at scponly ( http://freshmeat.net/projects/scponly ), I > never used it myself, but it seems to be the missing piece of SSH. hi. as i have searched the web for a similar topic and have found nothing (yet), i'd like to add another question: "scponly" seems to be a simple shell-substitution. thus all users that are given /usr/bin/scponly as shell will have only very limited access to a server. (e.g: using "ssh") now, i want my users to use "ssh" for logging into my machines. "sftp" should be used as a replacement for "ftp". now i want all users of "sftp" to have a restricted access (to be precise: i want a root-jail like it is provided by (pro)ftp)) however, when a user is smart enough to now about the joys of "ssh", s/he should be able to login using the secure-shell, without any restrictions (provided by the shell; e.g: no root-jail should be made,...) is this possible ? probably with pam ? but i guess ssh and sftp appear to be the very same from the PAM-side. is this true ? mfg.ca.ats IOhannes
Re: sftp virtual root directory
Zitiere staf wagemakers <[EMAIL PROTECTED]>: > > Is there any way I can configure a virtual root via sftp (not scp, as > this > > requires interactive login capability (it does, doesn't it?)) so that > when > > they login with an sftp client, the sftp-server recognizes the > username/pass > > and directs them to their personal little piece of www-space? > > > > I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: > > OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, > OpenSSL > > 0x0090603f > > > > Take a look at scponly ( http://freshmeat.net/projects/scponly ), I > never used it myself, but it seems to be the missing piece of SSH. hi. as i have searched the web for a similar topic and have found nothing (yet), i'd like to add another question: "scponly" seems to be a simple shell-substitution. thus all users that are given /usr/bin/scponly as shell will have only very limited access to a server. (e.g: using "ssh") now, i want my users to use "ssh" for logging into my machines. "sftp" should be used as a replacement for "ftp". now i want all users of "sftp" to have a restricted access (to be precise: i want a root-jail like it is provided by (pro)ftp)) however, when a user is smart enough to now about the joys of "ssh", s/he should be able to login using the secure-shell, without any restrictions (provided by the shell; e.g: no root-jail should be made,...) is this possible ? probably with pam ? but i guess ssh and sftp appear to be the very same from the PAM-side. is this true ? mfg.ca.ats IOhannes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sftp virtual root directory
On Sun, Dec 28, 2003 at 12:07:45AM +0100, [EMAIL PROTECTED] wrote: > > I'm running a little "family-ISP-server" for domain hosting of our family > name-domain (e-mail, www, etc). My family members cannot login interactively > via ssh but they can pop3 and of course have access to Apache services. > > Is there any way I can configure a virtual root via sftp (not scp, as this > requires interactive login capability (it does, doesn't it?)) so that when > they login with an sftp client, the sftp-server recognizes the username/pass > and directs them to their personal little piece of www-space? > > I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: > OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL > 0x0090603f > Take a look at scponly ( http://freshmeat.net/projects/scponly ), I never used it myself, but it seems to be the missing piece of SSH. -- Staf Wagemakers email: staf at patat.org homepage: http://staf.patat.org
Re: sftp virtual root directory
On Sun, Dec 28, 2003 at 12:07:45AM +0100, [EMAIL PROTECTED] wrote: > > I'm running a little "family-ISP-server" for domain hosting of our family > name-domain (e-mail, www, etc). My family members cannot login interactively > via ssh but they can pop3 and of course have access to Apache services. > > Is there any way I can configure a virtual root via sftp (not scp, as this > requires interactive login capability (it does, doesn't it?)) so that when > they login with an sftp client, the sftp-server recognizes the username/pass > and directs them to their personal little piece of www-space? > > I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: > OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL > 0x0090603f > Take a look at scponly ( http://freshmeat.net/projects/scponly ), I never used it myself, but it seems to be the missing piece of SSH. -- Staf Wagemakers email: staf at patat.org homepage: http://staf.patat.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
sftp virtual root directory
Hello everybody, I'm running a little "family-ISP-server" for domain hosting of our family name-domain (e-mail, www, etc). My family members cannot login interactively via ssh but they can pop3 and of course have access to Apache services. Is there any way I can configure a virtual root via sftp (not scp, as this requires interactive login capability (it does, doesn't it?)) so that when they login with an sftp client, the sftp-server recognizes the username/pass and directs them to their personal little piece of www-space? I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603f greetings, Wouter.
sftp virtual root directory
Hello everybody, I'm running a little "family-ISP-server" for domain hosting of our family name-domain (e-mail, www, etc). My family members cannot login interactively via ssh but they can pop3 and of course have access to Apache services. Is there any way I can configure a virtual root via sftp (not scp, as this requires interactive login capability (it does, doesn't it?)) so that when they login with an sftp client, the sftp-server recognizes the username/pass and directs them to their personal little piece of www-space? I run Debian 3.0-something with kernel 2.4.18 and ssh -V gives: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603f greetings, Wouter. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]