Navigation

papaqube · #1 29th April 2006, 01:32

Hi Guys n girls

I wonder if you can help me?

I have set up a file server with SFTP access and I want to lock remote users from a local group named public-ftp into there home directory (/home/public). At the moment when i access the server from sftp client, i can browse up to the root folder and into others.

I have done a google and chroot jail seems to be an option, however it does not seem to be secure. Can anyone shed any light as to whether this is a viable option, the folder will only be used fro file storage. Or if there is an alternative way.

The /home/public is also a samba share in an environment where sercurity = ADS and password server = ADS DC. There are no conflicts with this config at the moment, ADS domain users have read/write and local public-ftp have read only access.

Many Thanks

PQ

falko · #2 29th April 2006, 13:48

It seems you must patch OpenSSH to chroot SFTP users:
http://mail.incredimail.com/howto/op...root.howto.txt
http://archives.neohapsis.com/archiv...5-08/1236.html

papaqube · #3 2nd May 2006, 02:23

Hi Falko

Thanks for the pointers.

As my linux experience is limited (I am from a win 98 generation and point and click is all i no, altho i have a willingness to learn), i thought the best way to approach setting up a chroot user is through your 'CHROOTED SSH HOWTO'.

After doing so i have had little success in signing into sftp as the (chrooted) testuser:

# sftp testuser@localhost
Connecting to localhost...
/etc/ssh/ssh_config line 41: Unsupported option "GSSAPIAuthentication"
testuser@localhost's password:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer

However i can sign on to sftp as non-chroot user. Do you no if there is any way diagnose, or if others have had success with this how on Fedora 4.

Many Thanks, PQ

PS Great site, i am finding a library of knowledge in learning all about linux and its community.