Hi All,
First, thank you all for reminding me of netiquette. I'm a professional learner, so I'm always looking for something new to learn. I will do my best to apply them here.
My question/RFC this time concerns webserver/ftp/scp security. I have been hosting my own webserver for the company I work for, as well as ftp services on the same box. Ftp is currently configured for anonymous access, but with the usual "chroot" limitations, hidden "put", no unnecessary accounts, ssh for remote admin, etc. This box is outside my firewall, by the way. After downloads, I go and move the data over to where it can be downloaded. My company is small, and it's not a big issue doing this for users.
I would like to upgrade this server and get rid of ftp altogether. Nevertheless, I still need to provide uploads and downloads for internal users, i.e. employees, as well as company clients who are around the world, on a per-need basis.
I have been researching OpenSSH chroot. I've read much, and it appears that it's possible either by applying patches to it, or by making some changes to the standard "home" file system setup so that users cannot go beyond their home accounts.
I think that, with the documentation I've gathered so far, I could pull it off. However, I have some concerns and would like to run it by you guys and see if there may be something that I'm not considering.
1. If I chroot/jail users to some space, what happens to, say, me logging in remotely for admin purposes? Would I be jailed? Is this an all-or-nothing approach?
2. Have any of you done this and proven that it's working for you? I realize that some of these techniques have to be flexible so that they can be changed if needed.
3. I have a handful of methods I've found, but is there one method that you have tried or recommend?
For now, this is all I can think of. I'd appreciate some comments about this issue.
Thanks in advance for your consideration.
Rafael.
--
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
Airborne Hyperspectral Remote Sensing Systems & Solutions
*J. Rafael Sánchez* Systems Administrator E: [EMAIL PROTECTED] W: www.itres.com <http://www.itres.com/>
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
_______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca

