Date:      Wed, 8 Nov 2006 14:39:57 +0200
From:      "Aggelis Aggelis" <aggelis@gmail.com>
To:        "Gorobets Igor" <igoryan@wheel.kiev.ua>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ftp over ssh
Message-ID:  <f8ec3c030611080439x6340ecbdn9adc63c2c23af3fc@mail.gmail.com>
In-Reply-To: <20061108094550.GA26361@mail.it-geeks.kiev.ua>
References:  <20061108094550.GA26361@mail.it-geeks.kiev.ua>

On 11/8/06, Gorobets Igor <igoryan@wheel.kiev.ua> wrote:
> Hello. How correctly to adjust this miracle? :-)
>
From http://forums.serverbeach.com/archive/index.php/t-2179.html:

"FTP is insecure. Passwords are sent in plaintext for anyone to snoop.
SFTP is secure, but to use SFTP you generally have to give a user SSH
access. Which is not always desirable.

So, to give a user SFTP access without SSH access, set their shell to
/usr/libexec/openssh/sftp-server instead of /bin/sh or /bin/bash.

If your sftp-server is not there, use locate sftp-server to find it."

In FreeBSD, sftp-server is located in the /usr/libexec directory.

Another solution is to use rssh (meaning restricted ssh).

From the rssh FAQ:
"Q: Why did you write this software?

A: Mainly, because the question of how to restrict access to scp or
sftp only kept coming up on a few different mailing lists I was on at
the time... Several people made some suggestions (like using a shell
script as the user's shell) which sort of work, but aren't terribly
secure or reliable. The commercial SSH product has a program to do
this, but OpenSSH does not. Joe Boyle has a similar program called
scponly, which at the time I looked at it had some security problems,
though they have since been fixed... It does currently have some
functionality that rssh does not (namely it works with WinSCP; see
below), and some that it never will have (more on that in a moment).
Obviously I prefer the way I've implemented my program, or else I
wouldn't have written it.   =8^)

I did not write this program for my own use; I do not use it today,
nor have I ever (though obviously I would if the occasion arose). At
the time, I was bored, and I thought this project would be amusing and
educational, as well as fill a gap. Please keep this in mind when
asking for support. Odds are I'll give it pretty quickly if I've got a
free minute, but what you get is what you get, and I won't lose sleep
over slow response time. You've been warned.
"

Personally, I prefer the first solution from a security viewpoint
because sftp-server is written by the OpenSSH team.


Any comments on the above solutions are welcome.
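
Added example (not part of the original message and not OpenSSH or rssh code): a POSIX shell check that accounts meant to be SFTP-only really have the FreeBSD sftp-server path named in the message as their login shell. The function names and the sample passwd(5) entries are constructed for illustration.

```shell
#!/bin/sh
# Path from the message (FreeBSD); override SFTP_SERVER on other systems.
SFTP_SERVER="${SFTP_SERVER:-/usr/libexec/sftp-server}"

# Constructed sample in 7-field passwd(5) format; not taken from a real host.
sample_passwd() {
    cat <<'EOF'
# constructed sample entries
alice:*:1001:1001:Alice:/home/alice:/usr/libexec/sftp-server
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/usr/sbin/nologin
dave:*:1004:1004:Dave:/home/dave:
EOF
}

# classify_accounts: read passwd(5) lines on stdin, print "user<TAB>class".
#   sftp-only    shell is exactly $SFTP_SERVER
#   no-login     shell is a nologin/false stub
#   interactive  anything else; an empty shell field means /bin/sh
classify_accounts() {
    awk -F: -v sftp="$SFTP_SERVER" '
        /^#/ || NF < 7 { next }    # skip comments and malformed lines
        {
            if ($7 == sftp)                      class = "sftp-only"
            else if ($7 ~ /\/(nologin|false)$/)  class = "no-login"
            else                                 class = "interactive"
            printf "%s\t%s\n", $1, class
        }'
}

# check_sftp_only FILE USER...
# Returns 0 only if every named user exists in FILE and is sftp-only;
# otherwise reports each offending user on stderr and returns 1.
check_sftp_only() {
    file=$1; shift
    table=$(classify_accounts < "$file")
    rc=0
    for user in "$@"; do
        class=$(printf '%s\n' "$table" |
                awk -F'\t' -v u="$user" '$1 == u { print $2 }')
        if [ "$class" != "sftp-only" ]; then
            echo "$user: ${class:-missing}" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run it against a copy of /etc/passwd, for example `check_sftp_only /etc/passwd alice`; a non-zero exit means a listed account still has another shell or does not exist.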