Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

How to jail the sftp users to home directorys ?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
EstebanGonzales
n00b
n00b


Joined: 14 Oct 2010
Posts: 8
PostPosted: Sat Oct 16, 2010 9:59 pm    Post subject: How to jail the sftp users to home directorys ? Reply with quote
Hi im looking to Install a Secure FTP Server on one of my systems/
Can anyone reccomend a good one to use ?
I need to be able to upload files to the server from remote locations mostly for windows users and some linux.
I need one that is fairly easy to use.

Thanks :D

Last edited by EstebanGonzales on Sun Oct 17, 2010 10:39 am; edited 1 time in total
Back to top
View user's profile Send private message
TJNII
l33t
l33t


Joined: 09 Nov 2003
Posts: 648
Location: for(;;);
PostPosted: Sat Oct 16, 2010 10:51 pm    Post subject: Reply with quote
Enable SFTP support in ssh.
Uncomment the following line in your sshd_config file:
Code:
Subsystem       sftp    /usr/lib/misc/sftp-server


If memory serves the clients I use are sftp for Linux and win-scp for Windows. I haven't used it in a while, though. This rides on top of ssh, so you don't need to forward anything other than your ssh port.

Don't use old-school FTP. Clear text passwords are bad, mmmkay?
Back to top
View user's profile Send private message
EstebanGonzales
n00b
n00b


Joined: 14 Oct 2010
Posts: 8
PostPosted: Sat Oct 16, 2010 11:33 pm    Post subject: Reply with quote
Ok excellent thanks I will give this ago.
Is there any important things I need to no when enabling this ?
Can i make the users chrooted into there own www directorys so they can not move around the Server ?
If so how would i go about doing this ?

Cheers
Back to top
View user's profile Send private message
TJNII
l33t
l33t


Joined: 09 Nov 2003
Posts: 648
Location: for(;;);
PostPosted: Sun Oct 17, 2010 4:13 pm    Post subject: Reply with quote
If you want to chroot and jail the users vsftpd may be better as I don't think sftp can do that. vsftpd is plain ftp so it does have the issue of clear text passwords, but you should be able to encrypt it to mitigate that problem. I believe vsftpd is programmed with what you want to do in mind, so look into that.

I can't offer specific advice beyond that, I've only used vsftpd to set up a very basic FTP server to push drivers into EFI.
Back to top
View user's profile Send private message
EstebanGonzales
n00b
n00b


Joined: 14 Oct 2010
Posts: 8
PostPosted: Sun Oct 17, 2010 5:21 pm    Post subject: Reply with quote
Im looking to do it through shh i no it can be done but now sure how to set it up .
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920
PostPosted: Sun Oct 17, 2010 8:03 pm    Post subject: Reply with quote
You want ChrootDirectory. man sshd_config.
Back to top
View user's profile Send private message
EstebanGonzales
n00b
n00b


Joined: 14 Oct 2010
Posts: 8
PostPosted: Mon Oct 18, 2010 6:44 pm    Post subject: Reply with quote
Ok thanks for your reply but the man file doesnt reall explaine at all how to set this up.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920
PostPosted: Mon Oct 18, 2010 9:19 pm    Post subject: Reply with quote
Code:
Match User sftpuser*
    ChrootDirectory /home/%u
    ForceCommand internal-sftp

etc.
Back to top
View user's profile Send private message
Goverp
Advocate
Advocate


Joined: 07 Mar 2007
Posts: 2204
PostPosted: Tue Oct 19, 2010 8:38 am    Post subject: FTP and SFTP are very different internally Reply with quote
TJNII wrote:
If you want to chroot and jail the users vsftpd may be better as I don't think sftp can do that. vsftpd is plain ftp so it does have the issue of clear text passwords, but you should be able to encrypt it to mitigate that problem. I believe vsftpd is programmed with what you want to do in mind, so look into that. ...EFI.

Sadly, it's not at all easy to add encryption to a straight FTP implementation. SFTP uses a completely different approach to provide a secure connection.

What this means is that vsftp is not suitable if you want a secure connection; where it is useful is when you want to offer plain FTP with decent control on what clients can do. If you want a secure connection, you need SFTP.
_________________
Greybeard
Back to top
View user's profile Send private message
EstebanGonzales
n00b
n00b


Joined: 14 Oct 2010
Posts: 8
PostPosted: Tue Oct 19, 2010 10:47 am    Post subject: Reply with quote
Sftp is what i need and is what I have at the moment.
What im trying to do is jail the users but having extreme problems doing this
Back to top
View user's profile Send private message
py-ro
Veteran
Veteran


Joined: 24 Sep 2002
Posts: 1734
Location: Velbert
PostPosted: Tue Oct 19, 2010 1:49 pm    Post subject: Reply with quote
You can simply use proftpd with mod_sftp. But, either ssh or sftp must change its port.

Py
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy