[NTLUG:Discuss] SFTP chroot'ed
Leroy Tennison
leroy_tennison at prodigy.net
Wed Nov 22 22:44:36 CST 2006
Rev. wRy wrote:
> Should be:
>
> http://chrootssh.sourceforge.net/docs/chrootedsftp.html
>
> On Wed, 2006-11-22 at 09:12, Kenneth Loafman wrote:
>
>> Is it possible to use sftp in the same way as ftp so that the process
>> is chroot'ed to the user's home directory? proftpd lets me do that to
>> ftp users, but I would like to convince sftp to do the same thing.
>>
>> Bottom line request is a homedir chroot'ed secure ftp process.
>>
>> ...Thanks,
>> ...Ken

If you don't mind the patch this sounds like a perfect solution. If it
doesn't meet your needs there may be another option: secure ftp. This
is different than ssh's sftp. It is an extension of ftp using SSL/TLS.
See RFC 2228. Also,
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
has a good overview of these methods as well as a list of software which
is capable of handling them. My research found that, for Linux, vsftpd
could do secure ftp as a server and lftp or C-kermit 8.0 could be a
client. I have done limited testing with vsftpd and lftp and it does
work but there are some things you need to know - I'll be glad to share
what I've learned if you have an interest.

The advantages to this solution are that you are now back to a
"traditional" ftp server with chroot capabilities and it appears that
some environments may not be able to use ssh. I initially learned about
this when a mainframe technician made a comment in email that "the
mainframe supports secure ftp by SSL/TLS". This led to my current
investigation.
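
For readers who want to try the vsftpd route described above, here is a minimal server configuration for chrooted local users over FTP with SSL/TLS. It is an added example, not part of the original post and not the poster's own setup; the certificate path and passive port range are placeholders chosen for illustration.

```ini
# vsftpd.conf (file location varies by distribution)
# Added example: local users only, chrooted to their home directory,
# with TLS required on both the control and data channels.
# vsftpd does not accept spaces around "=" or trailing comments,
# so every comment sits on its own line.

anonymous_enable=NO
local_enable=YES
write_enable=YES

# Confine every local user to their home directory after login.
# Recent vsftpd releases refuse the login if the top of the chroot is
# writable by the user; keep the home directory itself non-writable and
# give the user a writable subdirectory for uploads.
chroot_local_user=YES

# Enable explicit FTPS (AUTH TLS on the normal control port).
ssl_enable=YES

# Placeholder path: a PEM file holding the server certificate and key.
rsa_cert_file=/etc/ssl/private/vsftpd.pem

# Reject cleartext logins and cleartext data transfers for local users.
force_local_logins_ssl=YES
force_local_data_ssl=YES

# Do not offer the obsolete SSL protocol versions.
ssl_sslv2=NO
ssl_sslv3=NO

# With the control channel encrypted, a firewall can no longer read the
# PASV replies to open data ports dynamically, so pin passive mode to a
# fixed range and allow that range explicitly.
# Placeholder range, constructed for this example.
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
```

On the lftp side, `set ftp:ssl-force true` and `set ftp:ssl-protect-data true` make the client refuse to send credentials in the clear and request TLS for data transfers.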