> Renato Lozano wrote:
> 
> Hi All,
> 
> I am trying to implement a way of transferring files securely over the
> Internet using sftp which is part of the ssh2 protocol.  A downside
> of implementing this is that users logging on can browse the whole
> filesystem.  I have done some research and found a way to chroot users
> so they won't be able to browse the filesystem
> (http://chrootssh.sourceforge.net/).  Can someone please suggest if
> there are any other ways of implementing a secure file transfer
> without patching sshd ???
> 
> Nato

I had the same concerns a few months back.  I wanted to use sftp but I
disliked the fact that they can see the whole filesystem although
Debian's default permission on the important files prevents anyone from
changing them.  I did not want to patch ssh either.  It was so complex
and I wanted to keep to a standard ssh so as to keep up with the
security updates to ssh.  So I used vpn and ftp. The firewall is set to
block the ftp ports for anything from the internet.  Using vpn gives the
user a local ip and thus allows ftp to get through plus the traffic is
encrypted. Proftp lets you chroot the user to their home dir.

You can remove the sftp-server program to disable sftp but you can't
turn off the scp commands.  They are part of ssh.  So someone could
still use something like winscp and be able to browse everything.

You can "break" scp by making the user's shell a menu script (i.e.
/usr/bin/yourmenu instead of /usr/bin/bash) so they cannot get to a $
prompt.  You also have to define your menu script as a shell
(/etc/shell) so regular ftp will still work.
-- 
               ___
              (@ @)
----------oOo--(_)--oOo-------------------------------------------
Jon McCain                            Email: [EMAIL PROTECTED]
Sr. Programmer                        Voice: 912-355-3213
DavLong Business Solutions              Fax: 912-355-3575
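
The menu-shell approach from the reply above, as an added example that is not part of the original post. The path /usr/bin/yourmenu comes from the message; the menu entries, the function names and the use of /etc/shells as the list of valid shells are assumptions.

```shell
#!/bin/sh
# Added example: menu-style login shell, installed as /usr/bin/yourmenu.
# sshd starts a requested remote command (which is how scp launches its
# server side) as: <login shell> -c "<command>".  A login shell that
# refuses any arguments therefore never executes scp.

# Print "menu" for a plain interactive login, "deny" for anything else.
classify_invocation() {
    if [ "$#" -eq 0 ]; then echo menu; else echo deny; fi
}

# Install-time check: is the shell path ($1) listed, as an exact line,
# in the shells file ($2, assumed default /etc/shells)?
shell_is_listed() {
    grep -qxF -- "$1" "${2:-/etc/shells}"
}

# Fixed menu (entries are assumptions). User input is only compared
# against literals and is never passed to eval or to another shell.
run_menu() {
    while :; do
        printf '1) Disk usage of home\n2) Change password\nq) Quit\n> '
        read -r choice || exit 0
        case "$choice" in
            1) du -sh "$HOME" ;;
            2) passwd ;;
            q) exit 0 ;;
            *) echo "Unknown choice" ;;
        esac
    done
}

main() {
    case "$(classify_invocation "$@")" in
        menu) run_menu ;;
        deny)
            echo "Remote commands are not permitted on this account." >&2
            logger -t yourmenu "denied for $(id -un): $*" 2>/dev/null
            exit 1 ;;
    esac
}

# Run only when installed under the name yourmenu, so the functions
# above can be sourced and checked without starting the menu.
case "$0" in */yourmenu) main "$@" ;; esac
```

Before assigning the script with chsh, confirm that `shell_is_listed /usr/bin/yourmenu` succeeds.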

