[NTLUG:Discuss] SFTP chroot'ed

Leroy Tennison leroy_tennison at prodigy.net
Wed Nov 22 22:44:36 CST 2006


Rev. wRy wrote:
> Should be:
>
> http://chrootssh.sourceforge.net/docs/chrootedsftp.html
>
> On Wed, 2006-11-22 at 09:12, Kenneth Loafman wrote:
>   
>> Is it possible to use sftp in the same way as ftp so that the process
>> is chroot'ed to the user's home directory?  proftpd lets me do that to
>> ftp users, but I would like to convince sftp to do the same thing.
>>
>> Bottom line request is a homedir chroot'ed secure ftp process.
>>
>> ...Thanks,
>> ...Ken
>>
>> _______________________________________________
>> http://www.ntlug.org/mailman/listinfo/discuss
>>     
>
If you don't mind the patch this sounds like a perfect solution.  If it 
doesn't meet your needs there may be another option: secure ftp.  This 
is different than ssh's sftp.  It is an extension of ftp using SSL/TLS.  
See RFC 2228.  Also,

http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html


has a good overview of these methods as well as a list of software which 
is capable of handling them.  My research found that, for Linux, vsftpd 
could do secure ftp as a server and lftp or C-kermit 8.0 could be a 
client.  I have done limited testing with vsftpd and lftp and it does 
work but there are some things you need to know - I'll be glad to share 
what I've learned if you have an interest.

The advantages to this solution are that you are now back to a 
"traditional" ftp server with chroot capabilities and it appears that 
some environments may not be able to use ssh.  I initially learned about 
this when a mainframe technician made a comment in email that "the 
mainframe supports secure ftp by SSL/TLS".  This led to my current 
investigation.
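
A vsftpd.conf fragment for the setup described in this message (local users chrooted to their home directories, TLS required for both login and data), given as an added example that is not part of the original post. The certificate paths and the passive port range are assumed placeholders, and option availability depends on the vsftpd version installed.

```ini
# /etc/vsftpd.conf : illustrative fragment, not from the original post.
# vsftpd does not accept spaces around '='.

# Local system accounts only, no anonymous access
anonymous_enable=NO
local_enable=YES
write_enable=YES

# Confine every local user to their own home directory
chroot_local_user=YES

# FTP over TLS (explicit FTPS: the client upgrades the control
# channel with AUTH TLS on the normal FTP port)
ssl_enable=YES
# Assumed placeholder paths; point these at your own certificate and key
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key

# Refuse cleartext sessions: without these two settings a client can
# still log in and transfer files over plain FTP
force_local_logins_ssl=YES
force_local_data_ssl=YES

# Keep the legacy SSL protocol versions off
ssl_sslv2=NO
ssl_sslv3=NO

# With the control channel encrypted, a firewall or NAT device cannot
# read the PASV replies to open data ports dynamically, so pin the
# passive range and allow it explicitly (range below is an assumption)
pasv_min_port=50000
pasv_max_port=50100
```

On the client side, lftp has matching settings (`set ftp:ssl-force true` and `set ftp:ssl-protect-data true`) so that it will not fall back to an unencrypted session.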


