RE: [Jail-main] Jail-main +apache +sftp and howto (newbie)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

>Hello Juan,

	Hello Michael

>I have gone ahead and installed Jail-man and so far it is 
>working great. Still have some tweaking to get figured out but 
>other than that it seems to be what I was looking for.
>
>Only thing I am looking into now is how much software I need 
>to install to the chroot directory in order to get sftp 
>working. Obviously I will need to do ssh and the sftp-server, 
>but I am unsure of any other requirements.

	You shouldn't install too much software. From your previous
	mail, i deduce that you want your users (from the outside)
	can put the files inside the chrooted environment (the
	secured machine). Note that jail only chroots filesystems,	
	not net daemons, and scp & ssh are.

	Scp & ssh will works without install any software, because
	the are outside the chrooted environment (another thing
	is that you want that your chrooted users can do scp &
	ssh to another machines, but you don't want that, right?)

>I'm sure through configuration of the sshd_conf I can restrict 
>user access to an sftp client only.

	I was poking with this file yesterday and I don't see anything
	but please, if you can tweak it to do that, send me the 
	configuration options back :)

>Thanks in advance for any advice regarding other necessary 
>software need in the chroot directory. 

	I usually install inside the chrooted environment just the
	minimum:

		cd, ls, vi ... The default commands installed by
		jailaddsw plus bash.

Thanks md_kelly

Kind Regards,
Juan M. Casillas
http://www.jmcresearch.com

>
>>>> "Juan M. Casillas" <as...@er...> 02/13/04 1:00 PM >>>
>>Hello all,
>
>	Hello
>
>>
>>Just happened to stumble across Jail-main in my search for
>>chroot options for sftp access to my webserver.
>>Here is what I am doing and what I want to do.
>>
>>I am running a webserver, Apache 2.0.48, and am going to be
>>hosting a variety of different websites via Virtual Name 
>>hosting. What I want to do is be able to give client 
>>read/write access to only their website directories top-level, 
>>and all folders below, to allow them to update their pages 
>>remotely. I do not want them to be able to access any other 
>>part of the filesystem or be able to execute any commands 
>>other than those necessary for the operation of sftp.
>
>>I am very new to secure logins and the idea of chrotting an
>>ssh session, however, after much reading I am thinking that 
>>Jail-main may be the solution I am looking for.
>
>>My biggest question is about installation. Is it possible for
>>me to only give them access to the sftp server. They will not 
>>be logging in as users of the system in anyway, only to upload 
>>and download to their directories
>
>	I poke arround with sftp and ssh and sftp requires a valid
>	login shell in order to work, so you can't allow sftp without
>	ssh session. But in the other side, I get ftp working without
>	ssh account, that maybe fits inside your needs.
>
>>I apologize if this question is off-topic or anything else. I
>>have just had too many experiences of installing the wrong software
>
>	it is not offtopic!
>	Your questions are always welcome 
>
>>Thank you
>>md_kelly
>
>Kind Regards,
>Juan M. Casillas
>http://www.jmcresearch.com
>
>
>