Date:      Fri, 12 Mar 2010 10:07:33 +0000
From:      krad <kraduk@googlemail.com>
To:        Olivier Nicole <Olivier.Nicole@cs.ait.ac.th>
Cc:        freebsd-questions@freebsd.org, leslie@eskk.nu
Subject:   Re: I want to instal a "secure" ftp server
Message-ID:  <d36406631003120207p3f430b95i2f94a8ecd023a7c7@mail.gmail.com>
In-Reply-To: <201003120827.o2C8RChV025564@banyan.cs.ait.ac.th>
References:  <4B99F9CB.8010601@eskk.nu> <201003120827.o2C8RChV025564@banyan.cs.ait.ac.th>

On 12 March 2010 08:27, Olivier Nicole <Olivier.Nicole@cs.ait.ac.th> wrote:

> Hi,
>
> > I need to have ftp access to a machine. I've found pure-ftpd but it was
>
> Hummm, you want the short answer? Don't enable ftp :)
>
> Ftp only accepts plain text passwords (until you enable things like
> Kerberos, one time password, etc), so it is not, it cannot be, secure.
>
> SFTP is there, working easily, ready to use, with a decent Windows
> client WinSCP (winscp.net)
>
> Best regards,
>
> Olivier

Enable sftp in ssh and chroot all the users and make them sftp only accounts

I wrote this guide for work a year or so ago. It was for Solaris but it was
using OpenSSH so should work fine on BSD


   1. Don't bother with Sun ssh, it won't work. OpenSolaris and later Solaris
   10 are bundled with OpenSSH though.
   2. Make sure OpenSSH version is 5 or above (some 4s do work but 5 is better)
   3. Add these lines to sshd config

   Match Group sftponly
            ChrootDirectory /home/chroot/%u
            X11Forwarding no
            AllowTcpForwarding no
            ForceCommand internal-sftp

   4. Make sure the Subsystem line is this

   Subsystem       sftp    internal-sftp

   5. Create the sftponly group on the system
   6. Put the relevant users in this group. Be careful as you will stop them
   being able to ssh in!!
   7. Dead important this bit !!!

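   mkdir -p /home/chroot/<user>/home/<user>/.ssh
   # the chroot itself must be root-owned and not group/world-writable,
   # otherwise sshd refuses the login
   chown -R root /home/chroot/<user>
   # only the home directory inside the chroot belongs to the user
   chown -R <user> /home/chroot/<user>/home/<user>
   chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
   # /home/<user> now resolves to the home inside the chroot
   ln -s /home/chroot/<user>/home/<user> /home/.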

   8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh

 All should now work
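
Added example, not part of the original message: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and step 7 is where that usually goes wrong. The script below walks a chroot path up to / and reports the first component that breaks the rule; component_ok and check_chroot_path are hypothetical helper names.

```shell
#!/bin/sh
# Added example (constructed): audit a ChrootDirectory before pointing sshd at it.
# component_ok and check_chroot_path are hypothetical helper names.

# component_ok PERMS UID: PERMS is the mode string from `ls -ld` (e.g. drwxr-xr-x).
component_ok() {
    perms=$1 uid=$2
    [ "$uid" = "0" ] || return 1             # must be owned by root
    case $perms in
        d????w*|d???????w*) return 1 ;;      # group- or world-writable
        d*) return 0 ;;
        *)  return 1 ;;                      # not a directory
    esac
}

# check_chroot_path DIR: test DIR and every parent up to /, as sshd_config(5) requires.
check_chroot_path() {
    # Resolve symlinks first (e.g. /home -> /usr/home on FreeBSD).
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot enter $1" >&2; return 1; }
    while :; do
        line=$(ls -ldn "$path" 2>/dev/null) || { echo "cannot stat $path" >&2; return 1; }
        # ls -ldn prints: mode links uid gid ...
        read -r perms links uid rest <<EOF
$line
EOF
        if ! component_ok "$perms" "$uid"; then
            echo "BAD  $path  ($perms uid=$uid)" >&2
            return 1
        fi
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return 0
}

# Usage: sh check_chroot.sh /home/chroot/<user>
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK   $1 is acceptable as ChrootDirectory"
fi
```

Run it against /home/chroot/<user>, not against the user's home inside the chroot, which is meant to be user-owned.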


