Date:      Tue, 11 Mar 2008 18:08:44 -0400
From:      "Philip M. Gollucci" <pgollucci@riderway.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   security/openssh-portable
Message-ID:  <47D702EC.2090908@riderway.com>


Hi,

I'm setting up a 'chrooted' SFTP only set of users:

/etc/make.conf:
.if ${.CURDIR:M*/usr/ports/security/openssh-portable*}
   WITH_SUID_SSH         =yes
   WITH_OPENSSH_CHROOT   =yes
   WITH_HPN              =yes
   WITH_OVERWRITE_BASE   =yes
.endif

/etc/rc.conf:
sshd_enable="NO"
openssh_enable="YES"

/etc/passwd:
user:*:3000:3000::0:0:F L:/foo/./user:/bin/sh

Access will be with ssh dsa keys only.

What is the best way to make this SFTP only and not SSH?
1) .ssh/authorization?
2) change user's shell to /usr/local/libexec/sftp-server
3) change user's shell to a custom C wrapper around [2]
4) a combination of them





-- 
------------------------------------------------------------------------
Philip M. Gollucci (philip@ridecharge.com)
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB  B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
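
An added example, not part of the original message: a POSIX sh/awk check that reads 10-field account lines like the one quoted above and reports, for each account whose home directory contains `/./`, the chroot directory, the home inside it, and whether the login shell is the sftp-server path named in option 2. It assumes the chroot build splits the home directory at `/./`; the function name, verdict strings and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit account lines for chrooted users and their shells.
# SFTP_SERVER is the path given in option 2 of the message.
SFTP_SERVER="/usr/local/libexec/sftp-server"

# audit_line LINE
# Prints "name chroot=DIR home=DIR shell=PATH verdict=..." for an account
# whose home contains "/./"; prints nothing for non-chrooted accounts.
audit_line() {
    printf '%s\n' "$1" | awk -F: -v sftp="$SFTP_SERVER" '
        NF != 10 { printf "malformed: expected 10 fields, got %d\n", NF; next }
        {
            home = $9; shell = $10
            i = index(home, "/./")
            if (i == 0) next                # no chroot marker in home
            root  = substr(home, 1, i - 1)  # assumption: directory chrooted to
            inner = substr(home, i + 2)     # assumption: home inside the chroot
            if (root == "") root = "/"
            # other-shell means any SFTP-only restriction has to come from
            # somewhere else (for example per-key options, option 1).
            verdict = (shell == sftp) ? "sftp-server-shell" : "other-shell"
            printf "%s chroot=%s home=%s shell=%s verdict=%s\n", \
                   $1, root, inner, shell, verdict
        }'
}

# Constructed sample input: the line from the message, the same account
# with the option 2 shell, and a non-chrooted account.
while IFS= read -r line; do
    audit_line "$line"
done <<'EOF'
user:*:3000:3000::0:0:F L:/foo/./user:/bin/sh
user2:*:3001:3001::0:0:F L:/foo/./user2:/usr/local/libexec/sftp-server
admin:*:1001:1001::0:0:Admin:/home/admin:/bin/csh
EOF
```
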


