Chrooted SFTP

Support for security, such as firewalls and securing Linux
jsoft
Posts: 1
Joined: 2006/06/12 03:43:54

Chrooted SFTP

Post by jsoft » 2006/06/12 03:47:36

Hello......

We have people who need to sftp in. We don't want them to have a normal shell, so we can use sftp-server as their shell, but that means they can browse around the filesystem outside of their home dir.

What I'm wondering is what the best option is for chrooting people into their home directory? I am aware of scponly, but I'm thinking there must be something else?

Any ideas?

Thanks

oxxo
Posts: 14
Joined: 2006/04/19 12:48:22

Re: Chrooted SFTP

Post by oxxo » 2006/06/12 07:48:20

hello,

A good solution for you is here http://mysecureshell.sourceforge.net/

I use it I have no problems ;)
Chroot local users, no shell, limit download upload etc..

See ya

ocntscha
Posts: 6
Joined: 2006/06/02 12:51:21

Re: Chrooted SFTP

Post by ocntscha » 2006/06/14 01:52:32

I've been using this: http://pizzashack.org/rssh/ on a Solaris server for at least a year now with no problems whatsoever. Never tried it on CentOS but I'd be shocked if it didn't work without a hitch.

Ticko
Posts: 2
Joined: 2007/12/20 08:40:44

Re: Chrooted SFTP

Post by Ticko » 2007/12/20 09:03:52

I have just run across this and here is how I did it...
1. Download the SCPonly shell (http://sublimation.org/scponly/).
2. Read instructions. :-) It will tell you to do the following:
3. Run: $ ./configure --enable-chrooted-binary && make && make install
4. Run the jail script that comes with scponly: $ make jail
5. Do what the instructions won't tell you:
6. Copy /dev/null to your chroot: $ cp -a /dev/null /your_chroot/dev/null
7. Add users that will use chroot to /etc/security/chroot
8. Make sure that /etc/passwd lines for chrooted users look something like this: scponly:x:512:512::/home/scponly//incoming:/usr/local/sbin/scponlyc

This works for me on CentOS 5.
Note that problems with missing files in the chroot environment can show very misleading errors in logs.

Good luck!

Ticko
Posts: 2
Joined: 2007/12/20 08:40:44

Re: Chrooted SFTP

Post by Ticko » 2007/12/20 11:03:17

I forgot.
Also add scponlyc to your /etc/shells
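
A check for the account setup described in the two posts above (steps 6 and 8 and the /etc/shells follow-up), as an added example that is not part of the thread or of scponly itself. The function name check_scponly_jail and its arguments are made up here; it assumes scponlyc's convention that the part of the home field before // is the chroot directory.

```shell
# Added example, not part of the posts: check one account against the steps above.
# File paths are arguments so it also runs against a constructed test tree.
# Prints one line per problem; exit status is the number of problems found.
check_scponly_jail() (
    user=$1 passwd=$2 shells=$3 problems=0
    note() { echo "$user: $1"; problems=$((problems + 1)); }

    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$entry" ]; then note "no entry in $passwd"; exit "$problems"; fi
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # scponlyc chroots to the part of the home field before "//" and then
    # changes into the part after it (/home/scponly//incoming in step 8).
    case $home in
        *//*) jail=${home%%//*} ;;
        *)    jail=$home; note "home '$home' has no // chroot marker" ;;
    esac

    # Step 8: the login shell must be the chrooted binary, scponlyc.
    case $shell in
        */scponlyc) ;;
        *) note "shell '$shell' is not scponlyc" ;;
    esac

    # Follow-up post: the shell must be listed in /etc/shells.
    grep -qxF -- "$shell" "$shells" || note "shell '$shell' not listed in $shells"

    # Step 6: /dev/null inside the jail must be a real character device,
    # not a regular file or a symlink pointing outside the chroot.
    if [ -L "$jail/dev/null" ] || [ ! -c "$jail/dev/null" ]; then
        note "$jail/dev/null is missing or not a character device"
    fi

    exit "$problems"
)

# Typical call on the server (run as root so the jail is readable):
#   check_scponly_jail scponly /etc/passwd /etc/shells
```

A regular file created at dev/null inside the jail is reported just like a missing one, which is the kind of missing-file problem the post says produces misleading log errors.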

K_Frye
Posts: 425
Joined: 2005/07/13 01:48:35
Location: Canada

Re: Chrooted SFTP

Post by K_Frye » 2008/01/21 03:56:59

[quote]
oxxo wrote:
hello,

A good solution for you is here http://mysecureshell.sourceforge.net/

I use it I have no problems ;)
Chroot local users, no shell, limit download upload etc..

See ya[/quote]

Anybody have a working rpm for this? The one on sourceforge complains about a conflict with chkconfig.

It seems to compile okay from source but lacks an init script for /etc/rc.d/init.d/. I don't see a src.rpm for it anywhere either.
