Date: Wed, 26 May 2010 00:23:29 +0200
From: Balázs Mátéffy <mateffy@enternet.hu>
To: freebsd-questions@freebsd.org
Subject: Re: chroot scp only network storage?
Message-ID: <AANLkTilaI0NT4mKmctdvzmCgc0Wr4lDehhRaUDmAZXTC@mail.gmail.com>
In-Reply-To: <4BFC49C6.2020709@infracaninophile.co.uk>
References: <933e7d04f535bbe649f089f9deb60284.squirrel@www.webcontracts.co.uk> <4BFC49C6.2020709@infracaninophile.co.uk>

Hello,

Try /usr/ports/shells/scponly. Look up the features, this way you can
assign the restrictive scponly shell to the users:

http://sublimation.org/scponly/wiki/index.php/Main_Page

Best Regards:

Balázs Mátéffy

On 26 May 2010 00:05, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 25/05/2010 22:29:57, Matthew Law wrote:
> >
> > I want to provide some users with secure network attached storage over
> > SCP. The intent is to provide people with a similar thing to, e.g.
> > rsync.net but inside of our network only.
> >
> > Security is obviously a priority so I would like each user to be chrooted
> > into their allocated directory and allow them only to execute a small set
> > of commands.
>
> Check out the security/openssh-portable port which has options to enable
> chroot'ing. You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user authorized_keys files.
>
> > I have come across scponly before. Is this the best way of achieving this
> > with FreeBSD or is there some other better way?
>
> Another alternative is WebDAV. Run it over HTTPS for security, and use
> the standard Apache authn/authz controls to give each user access to
> only their own area. In principle your users can mount their WebDAV
> areas as networked filesystems on their desktops. In practice, this
> works fine with MacOS X, is horribly buggy under Windows, needs quite a
> lot of effort to make work on Linux, and I don't think it's actually
> available at all on FreeBSD. However, commandline clients like cadaver
> will work fine on anything Unixy.
>
> Cheers
>
> Matthew
>
> - --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                   Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkv8ScYACgkQ8Mjk52CukIyLRQCginYWfMA2AJKnxZs9rvXlg7qf
> CnUAnj668eKglbUe8RIfp8actDj13gYe
> =jATZ
> -----END PGP SIGNATURE-----
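
Added example, not part of the original messages: the sshd_config route mentioned in the quoted reply, shown in its SFTP-only form (ForceCommand internal-sftp, which does not serve the classic scp protocol), with a small checker that flags Match blocks that chroot users without explicitly locking down shell and forwarding access. The group name "storage", the path /storage/%u and both config samples are assumptions constructed for illustration.

```python
# Constructed sample: users are chrooted but can still get a shell or forward ports.
WEAK = """\
Subsystem sftp internal-sftp
Match Group storage
    ChrootDirectory /storage/%u
"""

# Constructed sample: same group, restricted to SFTP inside the chroot.
HARDENED = WEAK + """\
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

# Settings this checker wants set explicitly for a chrooted, transfer-only account.
REQUIRED = {"forcecommand": "internal-sftp",
            "allowtcpforwarding": "no",
            "x11forwarding": "no"}

def parse(text):
    """Split sshd_config text into global options and a list of Match blocks."""
    global_opts, blocks = {}, []
    target = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()              # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            target = {}
            blocks.append((value, target))
        else:
            target.setdefault(keyword, value)   # sshd keeps the first value it reads
    return global_opts, blocks

def audit(text):
    """Report Match blocks that set ChrootDirectory but do not lock down other access."""
    global_opts, blocks = parse(text)
    findings = []
    for criteria, opts in blocks:
        if opts.get("chrootdirectory", "none") == "none":
            continue
        for keyword, want in REQUIRED.items():
            got = opts.get(keyword, global_opts.get(keyword))
            if (got or "").split()[:1] != [want]:
                findings.append(f"Match {criteria}: {keyword} is {got!r}, expected {want}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

sshd additionally requires every component of the ChrootDirectory path to be a root-owned directory that no other user or group can write to, so each user's writable area has to be a subdirectory inside the chroot.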