[ale] Restricting users to sftp

DJ-Pfulio djpfulio at jdpfu.com
Fri May 29 05:20:23 EDT 2015


I thought it was just a setting in the sshd_config file?

internal-sftp - seems to make chroot trivial.
"             Alternately the name “internal-sftp” implements an in-process
             “sftp” server.  This may simplify configurations using
             ChrootDirectory to force a different filesystem root on clients."




On 05/28/2015 10:29 AM, Jim Kinney wrote:
> Ah. Read the mailing list threads. Not quite abandoned but pretty much
> so.
> 
> Maybe a RedHat or SuSe team can pick it up as their commercial stuff
> benefits from the security aspects of rssh.
> 
> On Thu, 2015-05-28 at 14:09 +0000, Beddingfield, Allen wrote:
>> For years now, we have been using RSSH to restrict users to sftp-only
>> on our web servers.  
>> http://www.pizzashack.org/rssh/
>> Unfortunately, this is pretty much an abandoned project, now.  
>> The way it works is that you just change the user’s shell to rssh, and
>> sftp/scp is the only thing allowed. You can also set a umask in the
>> rssh.conf file  in /etc
>> I’m looking for a way to do this without using RSSH. I see
>> instructions for sftp-only/chroot for OpenSSH,but that seems a little
>> much for what we are wanting to accomplish.  My only goal is the
>> prevent shell access – I don’t need the chroot setup.
>> Any clever ideas?
>> Thanks.
>> Allen B.
>> --
>> Allen Beddingfield
>> Systems Engineer
>> The University of Alabama
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
> 




More information about the Ale mailing list