Hi guys n girls,

I wonder if you can help me? I have set up a file server with SFTP access and I want to lock remote users from a local group named public-ftp into their home directory (/home/public). At the moment, when I access the server from an SFTP client, I can browse up to the root folder and into others.

I have done a Google search and a chroot jail seems to be an option, however it does not seem to be secure. Can anyone shed any light as to whether this is a viable option (the folder will only be used for file storage), or if there is an alternative way?

The /home/public directory is also a Samba share in an environment where security = ADS and password server = ADS DC. There are no conflicts with this config at the moment; ADS domain users have read/write access and local public-ftp users have read-only access.

Many thanks,
PQ
It seems you must patch OpenSSH to chroot SFTP users:

http://mail.incredimail.com/howto/openssh/addons/sftp-chroot.howto.txt
http://archives.neohapsis.com/archives/openbsd/2005-08/1236.html
Hi Falko,

Thanks for the pointers. As my Linux experience is limited (I am from a Win 98 generation and point and click is all I know, although I have a willingness to learn), I thought the best way to approach setting up a chroot user is through your 'CHROOTED SSH HOWTO'. After doing so I have had little success in signing into sftp as the (chrooted) testuser:

# sftp testuser@localhost
Connecting to localhost...
/etc/ssh/ssh_config line 41: Unsupported option "GSSAPIAuthentication"
testuser@localhost's password:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer

However, I can sign on to sftp as a non-chroot user. Do you know if there is any way to diagnose this, or if others have had success with this howto on Fedora 4?

Many thanks,
PQ

PS Great site, I am finding a library of knowledge in learning all about Linux and its community.