RE: [Jail-main] Jail-main +apache +sftp and howto (newbie)
From: Michael K. <md_...@te...> - 2004-02-14 14:14:09
Hello again Juan,

-----Original Message-----
From: jai...@li... [mailto:jai...@li...] On Behalf Of Juan M. Casillas
Sent: February 14, 2004 12:21 AM
To: 'Michael Kelly'
Cc: jai...@li...
Subject: RE: [Jail-main] Jail-main +apache +sftp and howto (newbie)

>Hello Juan,

Hello Michael

>I have gone ahead and installed Jail-man and so far it is
>working great. Still have some tweaking to get figured out but
>other than that it seems to be what I was looking for.
>
>Only thing I am looking into now is how much software I need
>to install to the chroot directory in order to get sftp
>working. Obviously I will need to do ssh and the sftp-server,
>but I am unsure of any other requirements.

You shouldn't install too much software. From your previous mail, I deduce that you want your users (from the outside) to be able to put the files inside the chrooted environment (the secured machine). Note that jail only chroots filesystems, not net daemons, and scp & ssh are.

That is exactly what I want, users to be able to upload and download files from and to their machine. I do not want them to be able to use my machine to perform any other tasks. I do understand that ssh and scp are daemons and cannot be chrooted. My main concern, other than restricting what they could do, is restricting where they can look.

Scp & ssh will work without installing any software, because they are outside the chrooted environment (another thing is that you want that your chrooted users can do scp & ssh to other machines, but you don't want that, right?)

No I do not want that (As above)

I will explain a little more. I am setting up a web server for our company to host its office websites on. It is an international company so most of these websites will be updated remotely and I wanted to provide sftp capability for them to do that. The people who are connecting are "trusted" users (company employees) but I would rather err on the side of caution than allow them free access to the machine.

>I'm sure through configuration of the sshd_conf I can restrict
>user access to an sftp client only.

I was poking with this file yesterday and I don't see anything but please, if you can tweak it to do that, send me the configuration options back :)

I remember reading in a post on another forum that you could set the user's shell as the sftp-server daemon. I have yet to try this. I also remember reading a post that you could use sshd_conf directives to limit a user to scp or sftpd logins only. I have not tried this yet either, but when I do, soon, I will let you know how it turns out.

>Thanks in advance for any advice regarding other necessary
>software needed in the chroot directory.

I usually install inside the chrooted environment just the minimum: cd, ls, vi ... The default commands installed by jailaddsw plus bash.

I will try it with that minimal software set. Thanks again for your help
md_kelly

Kind Regards,
Juan M. Casillas
http://www.jmcresearch.com

>
>>>> "Juan M. Casillas" <as...@er...> 02/13/04 1:00 PM >>>
>>Hello all,
>
> Hello
>
>>
>>Just happened to stumble across Jail-main in my search for
>>chroot options for sftp access to my webserver.
>>Here is what I am doing and what I want to do.
>>
>>I am running a webserver, Apache 2.0.48, and am going to be
>>hosting a variety of different websites via Virtual Name
>>hosting. What I want to do is be able to give client
>>read/write access to only their website directories top-level,
>>and all folders below, to allow them to update their pages
>>remotely. I do not want them to be able to access any other
>>part of the filesystem or be able to execute any commands
>>other than those necessary for the operation of sftp.
>
>>I am very new to secure logins and the idea of chrooting an
>>ssh session, however, after much reading I am thinking that
>>Jail-main may be the solution I am looking for.
>
>>My biggest question is about installation. Is it possible for
>>me to only give them access to the sftp server. They will not
>>be logging in as users of the system in any way, only to upload
>>and download to their directories
>
> I poke around with sftp and ssh and sftp requires a valid
> login shell in order to work, so you can't allow sftp without
> ssh session. But on the other side, I get ftp working without
> ssh account, that maybe fits inside your needs.
>
>>I apologize if this question is off-topic or anything else. I
>>have just had too many experiences of installing the wrong software
>
> it is not offtopic!
> Your questions are always welcome
>
>>Thank you
>>md_kelly
>
>Kind Regards,
>Juan M. Casillas
>http://www.jmcresearch.com
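
The question raised in this thread, how much software has to go into the chroot directory, comes down to each binary plus the shared libraries it loads. The following is an added example, not part of the original mail and not one of the Jail project's own scripts: it parses `ldd` output and lists the library files to copy, keeping their paths under the jail root. The function names, the jail path `/var/chroot/site1` and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the shared libraries a binary needs inside a chroot
# by parsing `ldd` output. Names, jail path and sample data are constructed.

# chroot_libs: read `ldd` output on stdin; print each library file to copy
# (absolute paths, sorted, unique). Returns 1 if a dependency is unresolved.
chroot_libs() {
    _rc=0
    _libs=$(awk '
        /=> not found/           { print "unresolved: " $1 | "cat 1>&2"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libc.so.6 => /lib/... (addr)
        $1 ~ /^\//               { print $1; next }  # dynamic loader, absolute path
        # linux-vdso and "statically linked" lines name no file to copy
        END { exit bad + 0 }
    ') || _rc=1
    if [ -n "$_libs" ]; then printf '%s\n' "$_libs" | LC_ALL=C sort -u; fi
    return "$_rc"
}

# chroot_plan JAIL: same input; print "source -> JAIL/source" for each file,
# keeping the directory layout so the loader finds the libraries after chroot.
chroot_plan() {
    _jail=${1%/}
    _prc=0
    _list=$(chroot_libs) || _prc=1
    if [ -n "$_list" ]; then
        printf '%s\n' "$_list" | while IFS= read -r _src; do
            printf '%s -> %s%s\n' "$_src" "$_jail" "$_src"
        done
    fi
    return "$_prc"
}

# Constructed sample of `ldd` output (not captured from a real system).
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc0a5d1000)
    libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f1c2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a600000)
EOF
}

sample_ldd | chroot_plan /var/chroot/site1
# Real use: ldd "$(command -v ls)" | chroot_plan /var/chroot/site1
```

On some systems `ldd` may execute code from the binary it inspects, so run it only on binaries you already trust, such as the system's own `ls` or `bash`.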