
Chrooted SFTP

Posted: 2006/06/12 03:47:36
by jsoft
Hello......

We have people who need to sftp in. We don't want them to have a normal shell, so we can use sftp-server as their shell, but that means they can browse around the filesystem outside of their home dir.

What I'm wondering is what the best option is for chrooting people into their home directory? I am aware of scponly, but I'm thinking there must be something else?

Any ideas?

Thanks

Re: Chrooted SFTP

Posted: 2006/06/12 07:48:20
by oxxo
hello,

A good solution for you is here http://mysecureshell.sourceforge.net/

I use it and I have no problems ;)
Chroot local users, no shell, limit download/upload, etc.

See ya

Re: Chrooted SFTP

Posted: 2006/06/14 01:52:32
by ocntscha
I've been using this: http://pizzashack.org/rssh/ on a Solaris server for at least a year now with no problems whatsoever. Never tried it on CentOS but I'd be shocked if it didn't work without a hitch.

Re: Chrooted SFTP

Posted: 2007/12/20 09:03:52
by Ticko
I have just run across this and here is how I did it...
1. Download [url=http://sublimation.org/scponly/]SCPonly[/url] shell.
2. Read instructions. :-) It will tell you to do the following:
3. Run: $ ./configure --enable-chrooted-binary && make && make install
4. Run the jail script that comes with scponly: $ make jail
5. Do what instructions won't tell you:
6. Copy /dev/null to your chroot: $ cp -a /dev/null /your_chroot/dev/null
7. Add users that will use chroot to /etc/security/chroot
8. Make sure that /etc/passwd lines for chrooted users look something like this: scponly:x:512:512::/home/scponly//incoming:/usr/local/sbin/scponlyc

This works for me on CentOS 5.
Note that problems with missing files in chroot environment can show very misleading errors in logs.

Good luck!

Re: Chrooted SFTP

Posted: 2007/12/20 11:03:17
by Ticko
I forgot.
Also add scponlyc to your /etc/shells
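
An added example, not part of Ticko's posts or of scponly itself: a shell function that checks, for every account whose shell is scponlyc, the points from the two posts above (the "//" home-directory layout, /dev/null inside the chroot, and the shell's entry in /etc/shells). The function names and the sample accounts "upload" and "legacy" are constructed for illustration.

```shell
#!/bin/sh
# audit_scponly PASSWD SHELLS: print one "user: problem" line for every account
# whose login shell is scponlyc; exit status 0 only when nothing was found.
audit_scponly() {
    a_found=0
    while IFS=: read -r a_user a_pw a_uid a_gid a_gecos a_home a_shell; do
        case $a_shell in */scponlyc) ;; *) continue ;; esac
        # The shell has to be listed in the shells file (the /etc/shells step).
        if ! grep -qxF -- "$a_shell" "$2"; then
            echo "$a_user: $a_shell not listed in $2"; a_found=$((a_found + 1))
        fi
        # Home is "<jail>//<start dir>"; scponlyc chroots to the part before "//".
        case $a_home in
            *//*) a_jail=${a_home%%//*}; a_start=${a_home#*//} ;;
            *) echo "$a_user: home $a_home has no // chroot marker"
               a_found=$((a_found + 1)); continue ;;
        esac
        if [ ! -d "$a_jail" ]; then
            echo "$a_user: jail $a_jail does not exist"
            a_found=$((a_found + 1)); continue
        fi
        # /dev/null inside the jail must be a character device (the cp -a step).
        if [ ! -c "$a_jail/dev/null" ]; then
            echo "$a_user: $a_jail/dev/null missing or not a character device"
            a_found=$((a_found + 1))
        fi
        if [ ! -d "$a_jail/$a_start" ]; then
            echo "$a_user: start directory $a_jail/$a_start does not exist"
            a_found=$((a_found + 1))
        fi
    done < "$1"
    [ "$a_found" -eq 0 ]
}

# make_sample DIR: write constructed sample files (not taken from a real host).
# "upload" follows the passwd layout from the post; "legacy" lacks the "//".
make_sample() {
    mkdir -p "$1/jail/incoming"
    printf '%s\n' /bin/sh /bin/bash > "$1/shells"
    printf '%s\n' \
        "root:x:0:0:root:/root:/bin/bash" \
        "upload:x:512:512::$1/jail//incoming:/usr/local/sbin/scponlyc" \
        "legacy:x:513:513::$1/jail:/usr/local/sbin/scponlyc" > "$1/passwd"
}

# Run against real files when given two arguments, e.g. /etc/passwd /etc/shells.
if [ "$#" -eq 2 ]; then audit_scponly "$1" "$2"; fi
```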

Re: Chrooted SFTP

Posted: 2008/01/21 03:56:59
by K_Frye
[quote]
oxxo wrote:
hello,

A good solution for you is here http://mysecureshell.sourceforge.net/

I use it and I have no problems ;)
Chroot local users, no shell, limit download/upload, etc.

See ya[/quote]

Anybody have a working rpm for this? The one on sourceforge complains about a conflict with chkconfig.

It seems to compile okay from source but lacks an init script for /etc/rc.d/init.d/. I don't see a src.rpm for it anywhere either.