Date: Mon, 22 Dec 2008 13:22:25 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Corne Kotze <cornek@striata.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: SSH Problem
Message-ID: <cltDob8TEMUTzywLFmwwThH6z5o@TVy1gMAmSsiP9GTg//ziIjLy%2Bsk>
In-Reply-To: <1229937727.8928.24.camel@jackal>
References: <1229934159.8928.20.camel@jackal> <dnoAcoCUUpmRgsgANBLPZChMEB8@TVy1gMAmSsiP9GTg//ziIjLy%2Bsk> <1229937727.8928.24.camel@jackal>

Corne,

Mon, Dec 22, 2008 at 11:22:07AM +0200, Corne Kotze wrote:
> Thanks for the reply.
> Sorry for the ignorance, but I should have added this as well.
>
> I am running apart from other things, a secure ftp server on this box as
> well that chroots the users to their home directories.
>
> I got the setup information from the following link:
> http://www.bsdguides.org/guides/freebsd/security/sftp_chroot_users.php

Ahm, SSH.com's realization of SSH suite.  Forgot about this, sorry.
I had never used it, so can't say how to make it work with public
key authentication.  But read on ;))

However, OpenSSH had gained the chroot ability in February 2008,
  http://undeadly.org/cgi?action=article&sid=20080220110039
But if you're running 6.x, you won't be able to use it -- it was
imported only to 7.x and -CURRENT,
  SVN rev 182634 on 2008-09-01 20:03:13Z by des

Though, no hope is lost -- security/openssh-portable is at 5.0p1,
and chroot support is there.  But it is prone to the X11 MITM attack
(at least on HP/UX, don't currently know if FreeBSD is affected),
  http://www.openssh.com/txt/release-5.1
Your mileage may vary, if, for example, you're not using X11
forwarding, then you might be fine with this.

> Setting the "rc.conf" file to:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Then my sftp setup does not work properly, unless I am missing something
> that I can set in the "/etc/ssh/sshd_config" file.

Ooookey, if you still prefer SSH.com's software, you may find the
following article very enlightening,
  http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Public-Key_Authentication-2.html
At least for me it looks very sane and verbose.

-- 
Eygene

Remember that it is hard to read the on-line manual
while single-stepping the kernel.
  -- FreeBSD Developers handbook
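
For the OpenSSH route mentioned in the message, a minimal sshd_config fragment for chrooted SFTP-only accounts (an added example, not part of the original e-mail; the group name "sftponly" is an assumption):

```conf
# /etc/ssh/sshd_config fragment (added example; "sftponly" is a hypothetical group).
# Needs an sshd with ChrootDirectory support, such as the 5.0p1 port named above.

# Serve SFTP from inside sshd itself, so the chroot needs no binaries,
# shared libraries or device nodes of its own.
Subsystem sftp internal-sftp

Match Group sftponly
    # %h expands to the user's home directory. Every component of this path
    # must be owned by root and not writable by group or others, otherwise
    # sshd rejects the login.
    ChrootDirectory %h
    # Ignore whatever command the client asks for and run only the SFTP server.
    ForceCommand internal-sftp
    # File-transfer accounts need no forwarding. Turning X11 forwarding off
    # also removes the feature that the 5.1 release notes are about.
    X11Forwarding no
    AllowTcpForwarding no
```

Because the chroot directory itself cannot be user-writable, uploads go into a user-owned subdirectory beneath it. Check the file with `sshd -t` before restarting the daemon.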