From: Leslie Jensen
Date: Fri, 12 Mar 2010 11:37:08 +0100
To: krad
Cc: freebsd-questions@freebsd.org
Subject: Re: I want to instal a "secure" ftp server

krad wrote 2010-03-12 11:07:
>
> enable sftp in ssh and chroot all the users and make the sftp only accounts
>
> I wrote this guide for work a year or so ago. It was for solaris but it was
> using openssh so should work fine on bsd
>
> 1. Don't bother with sun ssh it won't work. Opensolaris and later solaris
>    10 are bundled with openssh though.
> 2. Make sure openssh version is 5 or above (some 4s do work but 5 better)
> 3. Add these lines to sshd config
>
>    Match Group sftponly
>    ChrootDirectory /home/chroot/%u
>    X11Forwarding no
>    AllowTcpForwarding no
>    ForceCommand internal-sftp
>
> 4. Make sure the Subsystem line is this
>
>    Subsystem sftp internal-sftp
>
> 5. create the sftponly group on the system
> 6. put the relevant users in this group. be careful as you will stop them
>    being able to ssh in!!
> 7. Dead important this bit !!!
>
>    mkdir -p /home/chroot//home//.ssh
>    chown -R root /home/chroot/
>    chown -R /home/chroot/
>    chmod -R 755 /home/chroot/ /home/chroot//home/
>    ln -s /home/chroot//home/ /home/.
>
> 8. Put their ssh keys in /home/chroot//home//.ssh
>
> All should now work

This sounds like a solution I can use :-)

Will Windows users be able to use an ftp client to connect?

I've never implemented ssh with ftp before so I want to clarify for my understanding.

Thanks

/Leslie
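
Added example, not part of the thread: sshd refuses a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, which is what step 7 of the quoted guide sets up. The script below audits a path such as /home/chroot/alice for that condition; the user name alice and the function names are assumptions, and the optional uid and top-directory arguments exist only so the check can be tried on a scratch tree.

```sh
#!/bin/sh
# Added example, not from the thread: audit an sftp ChrootDirectory path.
# Function names and the sample user "alice" are hypothetical.

# component_ok DIR UID: succeed if DIR is a real directory owned by UID with
# no group/other write bit. Parses `ls -ldn`, which behaves the same on BSD
# and GNU userlands (stat(1) flags differ between them).
component_ok() {
    line=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    perms=${line%% *}
    uid=$(printf '%s\n' "$line" | awk '{ print $3 }')
    case $perms in
        d????w*|d???????w*) return 1 ;;  # group- or world-writable
        d*) ;;                           # directory, write bits acceptable
        *) return 1 ;;                   # symlink, file, ...: reject
    esac
    [ "$uid" = "$2" ]
}

# chroot_path_ok PATH [UID] [TOP]: check PATH and every parent up to TOP
# (defaults: uid 0 and /). Reports the first failing component on stderr.
chroot_path_ok() {
    dir=$1 owner=${2:-0} top=${3:-/}
    while :; do
        if ! component_ok "$dir" "$owner"; then
            echo "unsafe chroot component: $dir" >&2
            return 1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}

# Usage: sh check_chroot.sh /home/chroot/alice
if [ "$#" -gt 0 ]; then
    chroot_path_ok "$@"
fi
```

The check is stricter than sshd in one respect: it rejects a symlinked component instead of following it.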