security/openssh-portable
Philip M. Gollucci
pgollucci at riderway.com
Tue Mar 11 22:08:46 UTC 2008
Hi,
I'm setting up a 'chrooted' SFTP only set of users:
/etc/make.conf:
.if ${.CURDIR:M*/usr/ports/security/openssh-portable*}
WITH_SUID_SSH =yes
WITH_OPENSSH_CHROOT =yes
WITH_HPN =yes
WITH_OVERWRITE_BASE =yes
.endif
/etc/rc.conf:
sshd_enable="NO"
openssh_enable="YES"
/etc/passwd:
user:*:3000:3000::0:0:F L:/foo/./user:/bin/sh
Access will be with ssh dsa keys only.
What is the best way to make this SFTP only and not SSH?
1).ssh/authorization?
2) change user's shell to /usr/local/libexec/sftp-server
3) change user's shell to a custom C wrapper around [2]
4) a combination of them
--
------------------------------------------------------------------------
Philip M. Gollucci (philip at ridecharge.com)
o:703.549.2050x206
Senior System Admin - Riderway, Inc.
http://riderway.com / http://ridecharge.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF
Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
More information about the freebsd-questions
mailing list