On 11/8/06, Gorobets Igor <[EMAIL PROTECTED]> wrote:
Hello. How correctly to adjust this miracle? :-) _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
from http://forums.serverbeach.com/archive/index.php/t-2179.html "FTP is insecure. Passwords are sent in plaintext for anyone to snoop. SFTP is secure, but to use SFTP you generally have to give a user SSH access. Which is not always desirable. So, to give a user SFTP access without SSH access, set their shell to /usr/libexec/openssh/sftp-server instead of /bin/sh or /bin/bash. If your sftp-server is not there, use locate sftp-server to find it." in freebsd sftp-server is located in the /usr/libexec directory. another solution is to use rssh (meaning restricted ssh) from rssh faq "Q: Why did you write this software? A: Mainly, because the question of how to restrict access to scp or sftp only kept coming up on a few different mailing lists I was on at the time... Several people made some suggestions (like using a shell script as the user's shell) which sort of work, but aren't terribly secure or reliable. The commercial SSH product has a program to do this, but OpenSSH does not. Joe Boyle has a similar program called scponly, which at the time I looked at it had some security problems, though they have since been fixed... It does currently have some functionality that rssh does not (namely it works with WinSCP; see below), and some that it never will have (more on that in a moment). Obviously I prefer the way I've implemented my program, or else I wouldn't have written it. =8^) I did not write this program for my own use; I do not use it today, nor have I ever (though obviously I would if the occasion arose). At the time, I was bored, and I thought this project would be amusing and educational, as well as fill a gap. Please keep this in mind when asking for support. Odds are I'll give it pretty quickly if I've got a free minute, but what you get is what you get, and I won't loose sleep over slow response time. You've been warned. " personaly i prefer the first solution from a security viewpoint because sftp-server is writen by the openssh team. Any Comments on the above solutions are welcomed. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"