Hello,

You can create a chrooted environment for another ssh server:
1/ ldd sshd and sftp-server binaries and copy dependencies
2/ copy /etc/{group,hosts,passwd,protocols,pwd.db,resolv.conf,services,ttys} and /bin/{cat,pwd,rm,sh} into your chroot
3/ modify /etc/ files to change users, groups ...
3bis/ run pwd_mkdb(8) with appropriate options to regenerate password db into your chrooted env
4/ create devices /dev/{log,null,random,...} in your chrooted env
5/ configure your ssh server to listen on a port other than 22 if there is already one on this machine
6/ put "chroot /my_chroot /usr/sbin/sshd" in your rc.local
7/ make a script to apply userland upgrades to your chroot env

...Or....
You can create a systrace policy for an sshd instance dedicated to sftp service


Cheers,
Francois Visconte

Bambero wrote:

Seems to work fine but it's still not a chrooted environment. Users have
access to the whole system.

On 9/18/06, Francois Visconte <[EMAIL PROTECTED]> wrote:

Hello,
Try changing sftp-only user's shell to /usr/libexec/sftp-server

Cheers,
Francois Visconte

Bambero wrote:

> Hello
>
> Is there any good way to set up a chrooted sftp-server without shell
> access?
>
> I tried scponly but it's not secure enough (I heard), there is no port
> for openbsd,
> and I had problems setting it up.
>
> Second way is rssh, but compilation fails because of wordexp.
>
> Now I'm using ftpd but I want to change it because of text/plain
> passwords.
>
> Any suggestions?
>
> Bambero

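An added example, not part of the original thread: steps 1 and 2 of the chroot procedure in the first message (collect the ldd dependencies of the binaries and copy them, plus the listed /etc and /bin files, into the chroot), reporting any file that could not be copied. The function names, the script name `mkchroot.sh` and the sample ldd output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): steps 1-2, copying binaries and their
# shared-library dependencies into the chroot. Function names are hypothetical.

# Constructed OpenBSD-style ldd output; addresses and library versions are made up.
sample_ldd_output() {
cat <<'EOF'
/usr/sbin/sshd:
    Start    End      Type Open Ref GrpRef Name
    00000000 00000000 exe  1    0   0      /usr/sbin/sshd
    00000000 00000000 rlib 0    1   0      /usr/lib/libcrypto.so.13.0
    00000000 00000000 rlib 0    1   0      /usr/lib/libc.so.39.0
    00000000 00000000 rtld 0    1   0      /usr/libexec/ld.so
EOF
}

# Read ldd output on stdin; print each absolute path once, in first-seen order.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) {
               p = $i; sub(/:$/, "", p); if (!seen[p]++) print p } }'
}

# Copy one regular file to the same path under the chroot.
# $1 = chroot dir, $2 = absolute path, $3 = optional source root (for testing).
copy_into_chroot() {
    c_dst=$1$2; c_src=${3:-}$2
    [ -f "$c_src" ] || { echo "missing: $2" >&2; return 1; }
    mkdir -p "$(dirname "$c_dst")" && cp -p "$c_src" "$c_dst"
}

# Read paths on stdin and copy each; returns non-zero if any file was missing,
# so an incomplete chroot is noticed before sshd is started in it.
populate_chroot() {
    p_rc=0
    while IFS= read -r p_path; do
        copy_into_chroot "$1" "$p_path" "${2:-}" || p_rc=1
    done
    return "$p_rc"
}

# Usage (as root): sh mkchroot.sh /my_chroot /usr/sbin/sshd /usr/libexec/sftp-server
if [ "$#" -ge 2 ]; then
    root=$1; shift
    for bin in "$@" /bin/cat /bin/pwd /bin/rm /bin/sh; do
        echo "$bin"; ldd "$bin" 2>/dev/null
    done | ldd_paths | populate_chroot "$root"
    for f in group hosts passwd protocols pwd.db resolv.conf services ttys; do
        echo "/etc/$f"
    done | populate_chroot "$root"
fi
```

Re-running the same script after a userland upgrade refreshes the copied libraries, which covers the library part of step 7.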