Date:      Wed, 26 May 2010 00:23:29 +0200
From:      Balázs Mátéffy <mateffy@enternet.hu>
To:        freebsd-questions@freebsd.org
Subject:   Re: chroot scp only network storage?
Message-ID:  <AANLkTilaI0NT4mKmctdvzmCgc0Wr4lDehhRaUDmAZXTC@mail.gmail.com>
In-Reply-To: <4BFC49C6.2020709@infracaninophile.co.uk>
References:  <933e7d04f535bbe649f089f9deb60284.squirrel@www.webcontracts.co.uk> <4BFC49C6.2020709@infracaninophile.co.uk>

Hello,


Try /usr/ports/shells/scponly.

Look up the features; this way you can assign the restrictive scponly shell
to the users:

http://sublimation.org/scponly/wiki/index.php/Main_Page

Best Regards:

Balázs Mátéffy



On 26 May 2010 00:05, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:

> On 25/05/2010 22:29:57, Matthew Law wrote:
> >
> > I want to provide some users with secure network attached storage over
> > SCP.  The intent is to provide people with a similar thing to, e.g.
> > rsync.net but inside of our network only.
> >
> > Security is obviously a priority so I would like each user to be chrooted
> > into their allocated directory and allow them only to execute a small set
> > of commands.
>
> Check out the security/openssh-portable port which has options to enable
> chroot'ing.  You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user authorized_keys files.
>
> > I have come across scponly before.  Is this the best way of achieving this
> > with FreeBSD or is there some other better way?
>
> Another alternative is WebDAV.  Run it over HTTPS for security, and use
> the standard Apache authn/authz controls to give each user access to
> only their own area.  In principle your users can mount their WebDAV
> areas as networked filesystems on their desktops.  In practice, this
> works fine with MacOS X, is horribly buggy under Windows, needs quite a
> lot of effort to make work on Linux, and I don't think it's actually
> available at all on FreeBSD.  However, commandline clients like cadaver
> will work fine on anything Unixy.
>
>        Cheers
>
>        Matthew
>
> - --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                  Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW

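An added example, not part of either message: a short Python check that an sshd_config restricts a group to chrooted file transfer, following the sshd_config route mentioned in the quoted reply. The group name `sftponly`, the `/storage/%u` path and both sample configurations are constructed, and the check covers SFTP through `internal-sftp` only, not the forced-command or scponly routes.

```python
# Added example: audit sshd_config text for a chrooted, SFTP-only Match block.
# Group name "sftponly" and both sample configs below are constructed.
REQUIRED = {                       # keyword (lowercased) -> required first word
    "chrootdirectory": None,       # any path, but it must be set
    "forcecommand": "internal-sftp",
    "allowtcpforwarding": "no",
    "x11forwarding": "no",
}

def match_blocks(text):
    """Return {match criteria: {keyword: value}}; keywords are case-insensitive."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = blocks.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(key, value)   # sshd keeps the first value it sees
    return blocks

def audit(text, criteria="group sftponly"):
    """List what is missing for a chrooted, file-transfer-only account."""
    opts = match_blocks(text).get(criteria)
    if opts is None:
        return ["no 'Match %s' block" % criteria]
    findings = []
    for key, want in REQUIRED.items():
        have = opts.get(key, "")
        if not have or have.lower() == "none":
            findings.append("%s not set or 'none'" % key)
        elif want and have.split()[0].lower() != want:
            findings.append("%s is '%s', expected '%s'" % (key, have, want))
    return findings

# Weak: chroot only, so shell commands and port forwarding are not ruled out.
WEAK = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /storage/%u
    X11Forwarding no
"""
HARDENED = WEAK + "    ForceCommand internal-sftp\n    AllowTcpForwarding no\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

sshd additionally refuses a ChrootDirectory unless every component of the path is a root-owned directory that no other user or group can write to, which this text-only check cannot see.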

