RE: Limiting system and filesystem access


> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
> On Behalf Of McDougall, Marshall (FSH)
> Sent: Friday, December 09, 2005 8:24 AM
> To: General Red Hat Linux discussion list
> Subject: RE: Limiting system and filesystem access
> 
> Thanks, Ed.  Maybe I'll just have to be happy with the rssh solution.
> It's not perfect, but it's better than nothing.
> 
> Regards, Marshall
> 
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ed Wilts
> Sent: Thursday, December 08, 2005 12:36 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Limiting system and filesystem access
> 
> 
> On Thu, Dec 08, 2005 at 11:19:46AM -0600, McDougall, Marshall (FSH)
> wrote:
> > I apologize if this is too OT.
> 
> It's absolutely on topic.
> 
> > So my burning question is:  How do I give this user sftp access only to
> > a very limited area of my system?  Any assistance appreciated.
> 
> There is no supported and secure method of chroot'ing a user using
> openssh.  Sadly enough, any number of open source FTP servers will
> gladly do this for you making FTP *more* secure than SFTP for this type
> of application.  This is especially true if you can make ftp/tls work
> for you.

ftp/tls would be my preferred solution.  However, if you are forced to
stick with ssh/scp, you can take a look at
http://www.sublimation.org/scponly/.
It is basically a shell that only permits scp/sftp interaction and can
chroot the user to where you want him to be.


> 
> What we're doing is buying the Tectia SSH server for our external-facing
> servers.  It's commercial but will give us secure chroot'ed access to
> the file systems for our external customers.
> 
>         .../Ed
> 
> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts@xxxxxxxxxx
> Member #1, Red Hat Community Ambassador Program
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
