RE: [Jail-main] Jail-main +apache +sftp and howto (newbie)
From: Juan M. C. <as...@er...> - 2004-02-14 20:56:50
Hello,

FYI, I found the following link:

http://www.snailbook.com/faq/restricted-scp.auto.html

It points to the problem you want to solve.

Hope it helps you.

Kind Regards,
Juan M. Casillas
http://www.jmcresearch.com

>-----Original Message-----
>From: jai...@li...
>[mailto:jai...@li...] On Behalf Of
>Michael Kelly
>Sent: sábado, 14 de febrero de 2004 15:12
>To: jai...@li...
>Subject: RE: [Jail-main] Jail-main +apache +sftp and howto (newbie)
>
>
>Hello again Juan,
>
>-----Original Message-----
>From: jai...@li...
>[mailto:jai...@li...] On Behalf Of
>Juan M. Casillas
>Sent: February 14, 2004 12:21 AM
>To: 'Michael Kelly'
>Cc: jai...@li...
>Subject: RE: [Jail-main] Jail-main +apache +sftp and howto (newbie)
>
>
>>Hello Juan,
>
> Hello Michael
>
>>I have gone ahead and installed Jail-main and so far it is
>>working great. Still have some tweaking to get figured out but
>>other than that it seems to be what I was looking for.
>>
>>Only thing I am looking into now is how much software I need
>>to install to the chroot directory in order to get sftp
>>working. Obviously I will need to do ssh and the sftp-server,
>>but I am unsure of any other requirements.
>
>
> You shouldn't install too much software. From your previous
> mail, I deduce that you want your users (from the outside)
> to be able to put the files inside the chrooted environment
> (the secured machine). Note that jail only chroots filesystems,
> not net daemons, and scp & ssh are.
>
>That is exactly what I want, users to be able to upload and
>download files from and to their machine. I do not want them
>to be able to use my machine to perform any other tasks. I do
>understand that ssh and scp are daemons and cannot be chrooted.
>My main concern, other than restricting what they could do, is
>restricting where they can look.
>
> Scp & ssh will work without installing any software, because
> they are outside the chrooted environment (another thing
> is if you want your chrooted users to be able to do scp &
> ssh to other machines, but you don't want that, right?)
>
>No I do not want that (As above)
>
>I will explain a little more. I am setting up a web server for
>our company to host its office websites on. It is an international
>company so most of these websites will be updated remotely and I
>wanted to provide sftp capability for them to do that. The people
>who are connecting are "trusted" users (company employees) but I
>would rather err on the side of caution than allow them free
>access to the machine.
>
>>I'm sure through configuration of the sshd_conf I can restrict
>>user access to an sftp client only.
>
> I was poking with this file yesterday and I don't see anything
> but please, if you can tweak it to do that, send me the
> configuration options back :)
>
>I remember reading in a post on another forum that you could
>set the user's shell as the sftp-server daemon. I have yet to
>try this. I also remember reading a post that you could use
>sshd_conf directives to limit a user to scp or sftpd logins only.
>I have not tried this yet either, but when I do, soon, I will
>let you know how it turns out.
>
>>Thanks in advance for any advice regarding other necessary
>>software needed in the chroot directory.
>
> I usually install inside the chrooted environment just the
> minimum:
>
> cd, ls, vi ... The default commands installed by
> jailaddsw plus bash.
>
>I will try it with that minimal software set.
>
>Thanks again for your help
>md_kelly
>
>
>Kind Regards,
>Juan M. Casillas
>http://www.jmcresearch.com
>
>>
>>>>> "Juan M. Casillas" <as...@er...> 02/13/04 1:00 PM >>>
>>>Hello all,
>>
>> Hello
>>
>>>
>>>Just happened to stumble across Jail-main in my search for
>>>chroot options for sftp access to my webserver.
>>>Here is what I am doing and what I want to do.
>>>
>>>I am running a webserver, Apache 2.0.48, and am going to be
>>>hosting a variety of different websites via Virtual Name
>>>hosting. What I want to do is be able to give client
>>>read/write access to only their website directories top-level,
>>>and all folders below, to allow them to update their pages
>>>remotely. I do not want them to be able to access any other
>>>part of the filesystem or be able to execute any commands
>>>other than those necessary for the operation of sftp.
>>
>>>I am very new to secure logins and the idea of chrooting an
>>>ssh session, however, after much reading I am thinking that
>>>Jail-main may be the solution I am looking for.
>>
>>>My biggest question is about installation. Is it possible for
>>>me to only give them access to the sftp server. They will not
>>>be logging in as users of the system in any way, only to upload
>>>and download to their directories
>>
>> I poked around with sftp and ssh, and sftp requires a valid
>> login shell in order to work, so you can't allow sftp without
>> an ssh session. But on the other side, I got ftp working without
>> an ssh account, which maybe fits your needs.
>>
>>>I apologize if this question is off-topic or anything else. I
>>>have just had too many experiences of installing the wrong software
>>
>> It is not off-topic!
>> Your questions are always welcome
>>
>>>Thank you
>>>md_kelly
>>
>>Kind Regards,
>>Juan M. Casillas
>>http://www.jmcresearch.com
>
>_______________________________________________
>Jail-main mailing list
>Jai...@li...
>https://lists.sourceforge.net/lists/listinfo/jail-main
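
The sshd configuration restriction discussed in this thread, as an added example that is not part of the original messages: later OpenSSH releases provide `ChrootDirectory` and `ForceCommand internal-sftp` inside `Match` blocks, and the Python below audits whether a group ends up confined to chrooted SFTP. The group name `webusers`, the path `/srv/www/%u` and both sample configurations are constructed for illustration.

```python
# Added example (not from the thread): audit sshd_config text for an SFTP-only group.
# Assumes an OpenSSH release with Match, ChrootDirectory and internal-sftp.
DEFAULTS = {"forcecommand": "none", "chrootdirectory": "none",
            "allowtcpforwarding": "yes", "x11forwarding": "no"}
# Constructed sample configs: WEAK chroots the group but still allows a shell.
WEAK = """Subsystem sftp internal-sftp
Match Group webusers
    ChrootDirectory /srv/www/%u
"""
HARDENED = WEAK + """    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

def parse(text):
    """Split config text into global options and Match blocks (first value wins)."""
    global_opts, blocks = {}, []
    current = global_opts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            current = {}
            blocks.append((value.split(), current))
        else:
            current.setdefault(key, value)  # sshd uses the first value obtained
    return global_opts, blocks

def effective(text, group):
    """Options a member of `group` ends up with; only Group criteria are evaluated."""
    global_opts, blocks = parse(text)
    matched = {}
    for criteria, opts in blocks:
        pairs = dict(zip((c.lower() for c in criteria[0::2]), criteria[1::2]))
        if group in pairs.get("group", "").split(","):
            matched = {**opts, **matched}  # earlier matching block wins
    return {**DEFAULTS, **global_opts, **matched}

def audit(text, group):
    """Return findings that leave `group` with more than chrooted SFTP."""
    o = effective(text, group)
    checks = [
        (o["forcecommand"].split()[:1] == ["internal-sftp"],
         "ForceCommand is not internal-sftp: a shell or other command can run"),
        (o["chrootdirectory"].lower() != "none",
         "ChrootDirectory is unset: the whole filesystem is visible"),
        (o["allowtcpforwarding"].lower() == "no",
         "AllowTcpForwarding is not 'no': the account can relay connections"),
        (o["x11forwarding"].lower() == "no", "X11Forwarding is not 'no'"),
    ]
    return [message for ok, message in checks if not ok]
```

`audit(WEAK, "webusers")` reports the missing `ForceCommand` and the default `AllowTcpForwarding yes`, while `audit(HARDENED, "webusers")` returns an empty list.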