*Cough *Cough, On Tue, May 18, 2004 at 06:08:52PM +0200, Remko Lodder wrote: > Ahem, > > D> You generally would like to avoid giving people shell (ssh) access if > D> you can avoid it. If you must give shell access, it is best to set up a > D> jail. > > D> However, if you're just doing backup/file access - shell access isn't > D> necessary. You can do ftps, (ports/ftp/bsdftpd-ssl), and easily use > D> that to chroot users. You can do sftp (without ssh shell access), but > D> that's trickier to set up. > > real tricky :-> scponly-3.8_1|/usr/ports/shells/scponly|/usr/local|A tiny > shell that only permits scp and > sftp|/usr/ports/shells/scponly/pkg-descr|rushani@FreeBSD.org|shells|||http:/ > /www.sublimation.org/scponly/ > But not that hard.... ;-) You obviously havn't tried to chroot scponly users.. _that's_ the tricky part. Especially if you want it to scale up beyond a handful of users. If i'm wrong - fill me in i'd love to hear how to do it. Dan _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"