Date:      Tue, 11 Mar 2008 18:08:44 -0400
From:      "Philip M. Gollucci" <pgollucci@riderway.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   security/openssh-portable
Message-ID:  <47D702EC.2090908@riderway.com>

Hi,

I'm setting up a 'chrooted' SFTP only set of users:

/etc/make.conf:
.if ${.CURDIR:M*/usr/ports/security/openssh-portable*}
   WITH_SUID_SSH         =yes
   WITH_OPENSSH_CHROOT   =yes
   WITH_HPN              =yes
   WITH_OVERWRITE_BASE	=yes
.endif

/etc/rc.conf:
sshd_enable="NO"
openssh_enable="YES"

/etc/passwd:
user:*:3000:3000::0:0:F L:/foo/./user:/bin/sh

Access will be with ssh dsa keys only.

What is the best way to make this SFTP only and not SSH?
1) .ssh/authorization?
2) change user's shell to /usr/local/libexec/sftp-server
3) change user's shell to a custom C wrapper around [2]
4) a combination of them





-- 
------------------------------------------------------------------------
Philip M. Gollucci (philip@ridecharge.com)
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB  B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.



