Re: [osol-help] How to jail SFTP

2010-03-13 Thread Michelle Knight
Thank you aidanjl, I have now found a new problem. I was already using 16 groups :-( I'll have to sit down and think through my group handling and see what I can do. Many thanks for the effort; once I've worked out my group limit issue, I'll give it a go. Michelle. -- This message posted fro

Re: [osol-help] How to jail SFTP

2010-03-11 Thread Aidan Lawn
Ok I just tried this on my opensolaris laptop (build 130) and it works fine, give this a go: Step 1: Setup user r...@milwaukee:~# groupadd sftponly r...@milwaukee:~# r...@milwaukee:~# useradd -g sftponly -m -d /export/home/user1 -s /usr/bin/false user1 80 blocks r...@milwaukee:~# r...@milwauk

Re: [osol-help] How to jail SFTP

2010-03-09 Thread Aidan Lawn
Hey not sure why its not working for you, from your post it looks like you have done it right. Like I said I've only actually set this up on ubuntu, not solaris, but I used this guide when I did it: http://www.minstrel.org.uk/papers/sftp/builtin/ It has a bit on setting the home directory to be

Re: [osol-help] How to jail SFTP

2010-03-09 Thread Michelle Knight
Nope, didn't work. Rather than lock them in and prevent going up, it stopped them going down to the chroot directory in the first place. Ah well. -- This message posted from opensolaris.org ___ opensolaris-help mailing list opensolaris-help@opensolar

Re: [osol-help] How to jail SFTP

2010-03-09 Thread Michelle Knight
I'll see if I can get around the jail with folder permissions, and I'll report back. -- This message posted from opensolaris.org ___ opensolaris-help mailing list opensolaris-help@opensolaris.org

Re: [osol-help] How to jail SFTP

2010-03-09 Thread Michelle Knight
Thanks, I ended up using... Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp ... but the ForceCommand line failed /etc/ssh/sshd_config: line 158: Bad configuration option: ForceCommand /etc/ssh/sshd

Re: [osol-help] How to jail SFTP

2010-03-06 Thread Aidan Lawn
ssh has the configuration option 'ChrootDirectory' - this should do exactly what you want. This feature was introduced in 2008, see debian article about using it here: http://www.debian-administration.org/articles/590 I set this up on ubuntu when it first came out, its so much easier than setti

Re: [osol-help] How to jail SFTP

2010-03-04 Thread Tim Evans
You may want to look at 'scponly': http://sublimation.org/scponly/wiki/index.php/Main_Page -- This message posted from opensolaris.org ___ opensolaris-help mailing list opensolaris-help@opensolaris.org

[osol-help] How to jail SFTP

2010-02-27 Thread Michelle Knight
Hi Folks, Well, two questions really. Firstly, how do I jail SFTP to a particular directory? Or can I jail certain users? I want to open up a repository, but not have everyone being able to get at system files and the like. I just want to keep SFTP jailed. Secondly ... and now I am being a