From: "Philip M. Gollucci"
Date: Tue, 11 Mar 2008 18:08:44 -0400
To: FreeBSD Questions
Subject: security/openssh-portable

Hi,

I'm setting up a 'chrooted' SFTP only set of users:

/etc/make.conf:
    .if ${.CURDIR:M*/usr/ports/security/openssh-portable*}
    WITH_SUID_SSH =yes
    WITH_OPENSSH_CHROOT =yes
    WITH_HPN =yes
    WITH_OVERWRITE_BASE =yes
    .endif

/etc/rc.conf:
    sshd_enable="NO"
    openssh_enable="YES"

/etc/passwd:
    user:*:3000:3000::0:0:F L:/foo/./user:/bin/sh

Access will be with ssh dsa keys only.

What is the best way to make this SFTP only and not SSH?

1) .ssh/authorization?
2) change user's shell to /usr/local/libexec/sftp-server
3) change user's shell to a custom C wrapper around [2]
4) a combination of them

--
------------------------------------------------------------------------
Philip M. Gollucci (philip@ridecharge.com) o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
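
Option 3 from the question, sketched as an added example that is not part of the original message or of the openssh-portable port: a login-shell wrapper that runs sftp-server only when sshd hands it the SFTP subsystem command and refuses interactive logins and any other command. The file name sftponly.c is hypothetical, and the code assumes the "Subsystem sftp" line in sshd_config names /usr/local/libexec/sftp-server with no arguments.

```c
/* sftponly.c: hypothetical login shell that permits only the SFTP subsystem. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Path taken from option 2 of the post. Assumption: it matches the
 * "Subsystem sftp" command in sshd_config exactly, with no arguments. */
#define SFTP_SERVER "/usr/local/libexec/sftp-server"

/* sshd starts the account's shell as `<shell> -c <command>` for subsystem
 * requests, remote commands and forced commands; an interactive login is
 * started with no arguments. Accept only the exact three-element form that
 * names sftp-server. */
int is_sftp_request(int argc, char *const argv[])
{
    if (argc != 3 || argv[1] == NULL || argv[2] == NULL)
        return 0;
    if (strcmp(argv[1], "-c") != 0)
        return 0;
    /* Exact match only: any extra text after the path is rejected. */
    return strcmp(argv[2], SFTP_SERVER) == 0;
}

int main(int argc, char *argv[])
{
    /* Fixed argv and an empty environment, so nothing passed in by the
     * session influences the program that gets executed. */
    char *const child_argv[] = { "sftp-server", NULL };
    char *const child_envp[] = { NULL };

    if (!is_sftp_request(argc, argv)) {
        fprintf(stderr, "This account is restricted to SFTP.\n");
        return 1;
    }
    execve(SFTP_SERVER, child_argv, child_envp);
    perror("execve " SFTP_SERVER);   /* reached only if the exec failed */
    return 127;
}
```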