From: Ashley Moran
Organization: Codeweavers Ltd
To: freebsd-questions@freebsd.org, corwin@aeternal.net
Date: Tue, 28 Mar 2006 12:16:58 +0100
Subject: Re: Restricted SFTP access to server for one user

On Tuesday 28 March 2006 10:36, Martin Hudec wrote:
> Hello Ashley,
>
> Ashley Moran wrote:
> > I don't want to install an FTP program, and we
> > don't use password authentication for SSH, so I'm going to tell him to
> > create a key pair and send us his public key.
>
> Maybe for the client, it would be better to use also password based
> authentication, ask him - he is the client and he should define what he
> wants.

Hi Martin,

We shouldn't really be hosting his site (it turned out his ISP doesn't offer
PHP), and I don't think he's paying anything for this, so he gets what we
give :D

> > I can remove his login shell, but how do I restrict him to only view his
> > home directory over SFTP?
>
> I think that shells/scponly should have chroot ability for their users.

I'm looking at shells/rssh, which appears to be the most popular way to give
restricted sftp access. But I'm not having much luck with the chroot. I
might try scponly if I don't get anywhere.

Ashley