On 0, Brett Glass <brett@lariat.org> allegedly wrote:
> A client wants me to set up a mechanism whereby his customers can drop files
> securely into directories on his FreeBSD server; he also wants them to be
> able to retrieve files if needed. The server is already running OpenSSH,
> and he himself is using Windows clients (TeraTerm and WinSCP) to access it,
> so the logical thing to do seems to be to have his clients send and receive
> files via SFTP or SCP.
>
> The users depositing files on the server shouldn't be allowed to see what
> one another are doing or to grope around on the system, so it'd be a good
> idea to chroot them into home directories, as is commonly done with FTP.
>
> However, OpenSSH (or at least FreeBSD's version of it) doesn't seem to have a
> mechanism that allows users doing SSH, SCP, or SFTP to be chroot-ed into a
> specific directory. What is the most effective and elegant way to do this? I've
> seen some crude patches that allow you to put a /. in the home directory specified
> in /etc/passwd, but these are specific to versions of the "portable" OpenSSH
> and none of the diffs seem to match FreeBSD's files exactly.
>
> --Brett

Is there something wrong with using the scponly shell for the users? It is
available in ports and at http://www.sublimation.org/scponly/

+-----------------------------------------------------------------+
Nigel Houghton
Research Engineer
Sourcefire Inc.
Vulnerability Research Team

Stewie: You know, I rather like this God fellow. Very theatrical, you know.
Pestilence here, a plague there. Omnipotence ...gotta get me some of that.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"