[ale] Restricting users to sftp
DJ-Pfulio
djpfulio at jdpfu.com
Fri May 29 05:20:23 EDT 2015
I thought it was just a setting in the sshd_config file?
internal-sftp - seems to make chroot trivial.
" Alternately the name “internal-sftp” implements an in-process
“sftp” server. This may simplify configurations using
ChrootDirectory to force a different filesystem root on clients."
On 05/28/2015 10:29 AM, Jim Kinney wrote:
> Ah. Read the mailing list threads. Not quite abandoned but pretty much
> so.
>
> Maybe a RedHat or SuSe team can pick it up as their commercial stuff
> benefits from the security aspects of rssh.
>
> On Thu, 2015-05-28 at 14:09 +0000, Beddingfield, Allen wrote:
>> For years now, we have been using RSSH to restrict users to sftp-only
>> on our web servers.
>> http://www.pizzashack.org/rssh/
>> Unfortunately, this is pretty much an abandoned project, now.
>> The way it works is that you just change the user’s shell to rssh, and
>> sftp/scp is the only thing allowed. You can also set a umask in the
>> rssh.conf file in /etc
>> I’m looking for a way to do this without using RSSH. I see
>> instructions for sftp-only/chroot for OpenSSH,but that seems a little
>> much for what we are wanting to accomplish. My only goal is the
>> prevent shell access – I don’t need the chroot setup.
>> Any clever ideas?
>> Thanks.
>> Allen B.
>> --
>> Allen Beddingfield
>> Systems Engineer
>> The University of Alabama
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
More information about the Ale
mailing list