Re: rssh and chrooting
Brought to you by:
xystrus
From: Derek M. <co...@pi...> - 2003-08-11 05:17:55
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Aug 10, 2003 at 09:10:25PM -0700, Tristan O'Tierney wrote: > Hi Derek, > > Thanks for responding so quickly. I try! > After awhile of digging i realize why that's the case. Apparently > you need all the libs for cp, ls, mv, etc. Yeah... And then there's the logging issue, which is tough to solve. Especially if you don't have access to the source code of your syslogd. Anyway... > Well, i'm sure this question has been asked 1000 > times, but until it's fixed i think it needs to be > asked again: Why isn't there a truely secure, > efficient, and easy file transfer system for linux? Here, I disagree with you. I think ssh-based file transfers are extremely efficient and secure. If your concern is jailing people, you'll find that if you did FTP over SSL or something similar, you'd still have the same issues. It's possible to chroot users with many ftp daemons and some of those even support SSL... but you basically have the exact same problems you have with setting up ssh. I don't know what you think you'd gain by using SSL instead... As far as the need for ssh -- the commercial SSH people include such a utility with their software... I think the OpenSSH people just left it out as an oversight. > i think basing sftp off of ssh was a poor idea by whoever thought of > it. Well, it was done by the SSH guys, so the choice for them was quite obvious... And as I say, it's not like it's easy to find a way around the chroot problem. It might be possible to do this kind of limiting entirely in user-land software, but it's EXTREMELY hard to get it right... Especially with features like symlinks. You could use something like Apache though, if you're stuck on the idea of using SSL, which has much of this implemented. However, you'd have to implement some sort of web form to upload the files, and that piece you'd have to write yourself. Unless you can find a package out there that already does it for you. Good luck! - -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/NybYdjdlQoHP510RAtopAKC66BrkrFbCYIi1CP9gCBOHVl4u+QCdExxn TbphISN28W8iL6w5cfZkBHY= =LqIl -----END PGP SIGNATURE----- |