From: Eygene Ryabinkin
To: Corne Kotze
Cc: freebsd-hackers@freebsd.org
Date: Mon, 22 Dec 2008 13:22:25 +0300
Subject: Re: SSH Problem

Corne,

Mon, Dec 22, 2008 at 11:22:07AM +0200, Corne Kotze wrote:
> Thanks for the reply.
> Sorry for the ignorance, but I should have added this as well.
>
> I am running, apart from other things, a secure ftp server on this box as
> well that chroots the users to their home directories.
>
> I got the setup information from the following link:
> http://www.bsdguides.org/guides/freebsd/security/sftp_chroot_users.php

Ahm, SSH.com's realization of the SSH suite.  Forgot about this, sorry.
I had never used it, so can't say how to make it work with public
key authentication.  But read on ;))

However, OpenSSH had gained the chroot ability in February 2008,
  http://undeadly.org/cgi?action=article&sid=20080220110039
But if you're running 6.x, you won't be able to use it -- it
was imported only to 7.x and -CURRENT,
  SVN rev 182634 on 2008-09-01 20:03:13Z by des

Though, no hope is lost -- security/openssh-portable is at 5.0p1,
and chroot support is there.  But it is prone to the X11 MITM attack
(at least on HP/UX, don't currently know if FreeBSD is affected),
  http://www.openssh.com/txt/release-5.1
Your mileage may vary, if, for example, you're not using X11 forwarding,
then you might be fine with this.

> Setting the "rc.conf" file to:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Then my sftp setup does not work properly, unless I am missing something
> that I can set in the "/etc/ssh/sshd_config" file.

Ooookey, if you still prefer SSH.com's software, you may find the
following article very enlightening,
  http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Public-Key_Authentication-2.html
At least for me it looks very sane and verbose.
-- 
Eygene
# Remember that it is hard to read the on-line manual
# while single-stepping the kernel.
#   -- FreeBSD Developers handbook
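
As an added example (not part of the thread, and not code from OpenSSH or FreeBSD): the `sshd_config` settings used with OpenSSH's built-in chroot support for an SFTP-only group, together with a small check that any scope setting `ChrootDirectory` also forces `internal-sftp` and has X11 and TCP forwarding disabled. The group name `sftponly` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Group name "sftponly" is hypothetical.

# Constructed sshd_config fragment: OpenSSH built-in SFTP chroot to $HOME.
sample_config() {
cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
EOF
}

# Read sshd_config text on stdin. For every scope (global or Match block)
# that sets ChrootDirectory, report settings that still allow a shell or
# forwarding. Prints one finding per line; returns 1 if there were any.
audit_chroot() {
    awk '
    function report(msg) { print name ": " msg; bad = 1 }
    function check() {
        if (chroot == "" || chroot == "none") return
        if (force != "internal-sftp") report("ForceCommand internal-sftp not set")
        if (x11 != "no") report("X11Forwarding not disabled")
        if (tcp != "no") report("AllowTcpForwarding not disabled")
    }
    # OpenSSH defaults: X11Forwarding no, AllowTcpForwarding yes.
    BEGIN { name = "global"; x11 = "no"; tcp = "yes" }
    /^[ \t]*(#|$)/ { next }
    { key = tolower($1) }
    key == "match" {
        # First Match ends the global section: remember it as the baseline.
        if (!inmatch) { g_c = chroot; g_f = force; g_x = x11; g_t = tcp; inmatch = 1 }
        check()
        name = $0; sub(/^[ \t]+/, "", name)
        chroot = g_c; force = g_f; x11 = g_x; tcp = g_t
        next
    }
    key == "chrootdirectory"    { chroot = $2 }
    key == "forcecommand"       { force = $2 }
    key == "x11forwarding"      { x11 = tolower($2) }
    key == "allowtcpforwarding" { tcp = tolower($2) }
    END { check(); exit bad + 0 }
    '
}

sample_config | audit_chroot && echo "sample config: no findings"
```

sshd additionally requires every component of the `ChrootDirectory` path to be a root-owned directory not writable by any other user or group, which this text-only check does not verify.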