krad wrote 2010-03-12 11:07:
Enable sftp in ssh, chroot all the users and make them sftp-only accounts.
I wrote this guide for work a year or so ago. It was for Solaris but it was
using OpenSSH so should work fine on BSD.

1. Don't bother with Sun SSH, it won't work. OpenSolaris and later Solaris
   10 are bundled with OpenSSH though.
2. Make sure the OpenSSH version is 5 or above (some 4s do work but 5 is better).
3. Add these lines to the sshd config:

       Match Group sftponly
           ChrootDirectory /home/chroot/%u
           X11Forwarding no
           AllowTcpForwarding no
           ForceCommand internal-sftp

4. Make sure the Subsystem line is this:

       Subsystem sftp internal-sftp

5. Create the sftponly group on the system.
6. Put the relevant users in this group. Be careful, as you will stop them
   being able to ssh in!!
7. Dead important, this bit!!!

       mkdir -p /home/chroot/<user>/home/<user>/.ssh
       chown -R root /home/chroot/<user>
       chown -R <user> /home/chroot/<user>/home/<user>
       chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
       ln -s /home/chroot/<user>/home/<user> /home/.

8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh

All should now work.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

This sounds like a solution I can use :-)

Will Windows users be able to use an ftp client to connect? I've never
implemented ssh with ftp before so I want to clarify for my understanding.

Thanks
/Leslie
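
sshd refuses a chrooted login unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others, which is what the ownership commands in step 7 of the quoted guide are for. The script below is an added example, not part of the original thread, that checks this before a user tries to log in; the function names and the sample user name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# dir_is_safe DIR [UID]
# Succeeds when DIR is a directory owned by UID (default 0 = root) and is
# not writable by group or others. Uses "ls -ldnL" (follows symlinks, numeric
# owner) so the same code runs on BSD and Linux.
dir_is_safe() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 1; }
    info=$(ls -ldnL "$dir" | awk '{ print $1 " " $3 }')
    mode=${info% *}     # permission string, e.g. drwxr-xr-x
    uid=${info#* }      # numeric owner
    [ "$uid" = "$want_uid" ] ||
        { echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2; return 1; }
    case $mode in
        ?????w*|????????w*)   # 6th char = group write, 9th char = other write
            echo "FAIL $dir: group/other writable ($mode)" >&2; return 1 ;;
    esac
    return 0
}

# check_chroot_path PATH [UID]
# Applies dir_is_safe to PATH and to every parent up to /, reporting all
# failures rather than stopping at the first one.
check_chroot_path() {
    path=$1
    want=${2:-0}
    rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: must be an absolute path" >&2; return 2 ;;
    esac
    while :; do
        dir_is_safe "$path" "$want" || rc=1
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage for the layout in step 7, with "alice" as a constructed user name:
#   check_chroot_path /home/chroot/alice && echo "chroot path OK"
```

The optional UID argument exists only so the check can be exercised without root; for a real ChrootDirectory leave it at the default of 0.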