Date:      Fri, 12 Mar 2010 11:37:08 +0100
From:      Leslie Jensen <leslie@eskk.nu>
To:        krad <kraduk@googlemail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: I want to instal a "secure" ftp server
Message-ID:  <4B9A1954.9070201@eskk.nu>
In-Reply-To: <d36406631003120207p3f430b95i2f94a8ecd023a7c7@mail.gmail.com>
References:  <4B99F9CB.8010601@eskk.nu>	<201003120827.o2C8RChV025564@banyan.cs.ait.ac.th> <d36406631003120207p3f430b95i2f94a8ecd023a7c7@mail.gmail.com>



krad wrote 2010-03-12 11:07:

>
> enable sftp in ssh and chroot all the users and make the sftp only accounts
>
> I wrote this guide for work a year or so ago. It was for solaris but it was
> using openssh so should work fine on bsd
>
>
>     1. Don't bother with sun ssh it won't work. Opensolaris and later solaris
>     10 are bundled with openssh though.
>     2. Make sure openssh version is 5 or above (some 4s do work but 5 better)
>     3. Add these lines to sshd config
>
>     Match Group sftponly
>              ChrootDirectory /home/chroot/%u
>              X11Forwarding no
>              AllowTcpForwarding no
>              ForceCommand internal-sftp
>
>     4. Make sure the Subsystem line is this
>
>     Subsystem       sftp    internal-sftp
>
>     5. create the sftponly group on the system
>     6. put the relevant users in this group. be careful as you will stop them
>     being able to ssh in!!
>     7. Dead important this bit !!!
>
>     mkdir -p /home/chroot/<user>/home/<user>/.ssh
>     chown -R root /home/chroot/<user>
>     chown -R <user> /home/chroot/<user>/home/<user>
>     chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
>     ln -s /home/chroot/<user>/home/<user> /home/.
>
>     8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
>
>   All should now work

This sounds like a solution I can use :-)

Will Windows users be able to use an ftp client to connect? I've never 
implemented ssh with ftp before so I want to clarify for my understanding.

Thanks

/Leslie
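
An added example, not part of this message or of krad's guide: a small Python lint that checks an sshd_config for the settings from steps 3 and 4 of the quoted guide (the Match block options and the Subsystem line). The function names and the SAMPLE config are constructed for illustration; values unset in a Match block are looked up in the global section, and sshd's built-in defaults are not modelled.

```python
# Added example (not from the thread): lint an sshd_config for the SFTP-only
# chroot settings in steps 3 and 4 of the quoted guide. Names are hypothetical.
REQUIRED = {"forcecommand": "internal-sftp",
            "allowtcpforwarding": "no", "x11forwarding": "no"}

SAMPLE = """\
Subsystem       sftp    internal-sftp
Match Group sftponly
         ChrootDirectory /home/chroot/%u
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp
"""

def parse_sshd_config(text):
    """Return (global_opts, [(match_criteria, opts), ...]). Keywords are
    case-insensitive, the first value in a scope wins, and a Match block runs
    to the next Match or EOF. Assumes "Keyword value" lines (no "key=value")."""
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            blocks.append((value, current))
        else:
            current.setdefault(key, value)
    return global_opts, blocks

def lint_sftp_chroot(text):
    """List problems for every Match block that sets ChrootDirectory."""
    global_opts, blocks = parse_sshd_config(text)
    problems = []
    if global_opts.get("subsystem", "").split() != ["sftp", "internal-sftp"]:
        problems.append("global: first Subsystem line is not 'sftp internal-sftp'")
    for criteria, opts in blocks:
        if "chrootdirectory" not in opts:
            continue
        for key, want in REQUIRED.items():
            got = opts.get(key, global_opts.get(key))  # unset: use global value
            if got is None or got.lower() != want:
                problems.append(f"Match {criteria}: {key} is {got!r}, want {want!r}")
    return problems
```

Calling `lint_sftp_chroot(open("/etc/ssh/sshd_config").read())` returns an empty list when every chrooted Match block carries the guide's settings.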


