FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

sftp server

   Frihost Forum Index -> Computers -> Software
 


JayBee
I have a little problem. I want sftp server only but not an ssh access on my server. Is there any software that could satisfy this?
(without compiling another patched version of openssh)

The next problem is how to keep users in their home directory.

I have only remote access to the server, so I cant switch off openssh, because I will not login again after that.
server is running on debian
infobankr
This is definitely possible - you can setup a new shell (like bash) called scponly, which allows no shell access, only sftp access. Keeping the user within their home directory is a little bit tougher, you'll have to setup a chroot.
redice
You may change the user's shell to /dev/null in /etc/passwd file.Thus, the user will unable to access a shell from SSH. Restrict sftp home dir is a bit difficault for me. There seems no a config entry to do this.
JayBee
redice wrote:
You may change the user's shell to /dev/null in /etc/passwd file.Thus, the user will unable to access a shell from SSH. Restrict sftp home dir is a bit difficault for me. There seems no a config entry to do this.


I thought this too Very Happy but it doesn't work, because, you need to connect to ssh server and run some small set of commands.

It works for me now with scponly. But I don't know what have I wrong with chroot configuration.
BlueVD
Well, I'll give you a few hints just to show you a possible way to do the job.
when it comes to sftp...
I choose ProFTPD... It can use virtual users (users that don't exist in the /etc/passwd file) and the list of virtual users can be loaded from a database (mysql, pgsql, flat file, etc) and it can chroot the users...
This way nobody can access the remote system through ssh...

If you want to read about it...
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-VirtualUsers.html
http://www.howtoforge.com/proftpd_mysql_virtual_hosting
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Authentication.html
If you have any trouble, contact me and I'll gladly help.
JayBee
Thank you BlueVD, I didn't know that ProFTP comes also with mod_ssl.
I'm little paranoid so I will never use pure ftp with clear text passwords.


When I'm able to read someones password, I know that anybody could do that so.
Reply to topic    Frihost Forum Index -> Computers -> Software

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.