Hey! I finally decided to join the BYU UUG. This is my first post, so I hope I don't get flamed too bad.
Anyway, I need to make the move out of FTP to SFTP. It is pretty straightforward but I don't feel very comfortable about the move, mainly because an SFTP user can also get a shell through SSH. I've been using vsftpd and I have really liked it. I can confine users to a chroot jail, no execution privileges, no anonymous access, etc. I checked the SSL abilities of vsftpd and it is capable of using them, but theoretically, FTP over SSL is called FTPS (like HTTPS) and it is not compatible with SFTP (SSH's implementation of a secure FTP server). I have also checked with Google if there was a way to implement vsftpd-like security with SFTP. I found several posts that required more work than I wanted to do, mainly chroot'ed, statically linked environments in a user's directory and other magic like that.

So my questions are:

Has anyone implemented an SFTP server where the SFTP user could not get to a shell or execute any arbitrary command via SSH? If you have, will you tell me your secrets?

If nobody has done it, I was thinking of creating an SSH group (or using the wheel group) with a combination of checks on .bash_profile and friends to close connections to SFTP users that don't have SSH access. Has anybody done anything like this that could provide some of his/her/its wisdom?

Thanks in advance.

--
Alberto Treviño
[EMAIL PROTECTED]
CID Testing Center
Brigham Young University

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
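An added example, not part of the original post: a small Python check that an sshd_config confines one group to SFTP, with no shell, no arbitrary command and no forwarding. It assumes an OpenSSH version that supports Match blocks, ChrootDirectory and the in-process internal-sftp server; the group name sftponly and the sample config are constructed.

```python
"""Audit an sshd_config for SFTP-only confinement of one group (added example)."""

# Constructed sample config; the group name "sftponly" is an assumption.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

# Directive -> predicate its value must satisfy inside the Match block.
REQUIRED = {
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],  # no shell, no commands
    "chrootdirectory": lambda v: v.lower() not in ("", "none"),    # jail, as with vsftpd
    "allowtcpforwarding": lambda v: v.lower() == "no",             # no port forwarding
    "x11forwarding": lambda v: v.lower() == "no",
}

def match_block(config, group):
    """Return {directive: value} from the simple 'Match Group <group>' block.

    Only single-criterion Match lines are recognised; anything else ends the block.
    """
    settings, inside = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            inside = (len(crit) == 2 and crit[0].lower() == "group"
                      and group in crit[1].split(","))
        elif inside:
            settings.setdefault(key, value)  # sshd keeps the first value it obtains
    return settings

def audit(config, group):
    """Return the sorted directives that are missing or too permissive."""
    block = match_block(config, group)
    return sorted(k for k, ok in REQUIRED.items() if k not in block or not ok(block[k]))

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "sftponly") or "group is confined to SFTP")
```

The chroot target must also be owned by root and not writable by the user, which this text-only check cannot see.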
