sftp, scponly, restricted user environments
Matthew Carpenter
matt
Mon Jan 3 09:47:01 PST 2005
There is a patch available to make openssh chrooted. I found it in a
book SANS was giving away for free called "Securing Linux: A Survival
Guide for Linux Security".
I believe there is another project just for what you want to do. Check
out "scponly" at freshmeat.
Collins Richey wrote:
| We are in the process of setting up a user environment for users of
| our local lug. Our desire is to have user accounts that do not have a
| usable shell but to allow users to upload files, create/destroy
| directories under their home directory, remove files under their home
| directory, etc. sftp is a nice, somewhat secure way of getting this to
| happen, but it allows cd to any directory under the sun. I found some
| references to the scponly shell, but we don't currently have that
| installed on the server (FC3).
|
| We will be requiring public/private key authentication and ssh or sftp
| for any access to the server. Users will be able to maintain their own
| webpage on our server (we use Apache).
|
| Thus far I haven't found any easy way to restrict the cd command under
| sftp. Is there any way to do this without setting up a chroot jail
| (uggh! more work than I would like)?
|
| Does anyone have any suggestions or experience with this type of setup?
|
--
Matthew Carpenter
matt at eisgr.com http://www.eisgr.com/
Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business