SSH Problem

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Dec 22 02:22:30 PST 2008


Corne,

Mon, Dec 22, 2008 at 11:22:07AM +0200, Corne Kotze wrote:
> Thanks for the reply.
> Sorry for the ignorance, but I should have added this as well.
>
> I am running, apart from other things, a secure ftp server on this box as
> well that chroots the users to their home directories.
>
> I got the setup information from the following link:
> http://www.bsdguides.org/guides/freebsd/security/sftp_chroot_users.php

Ahm, SSH.com's realization of the SSH suite.  Forgot about this, sorry.
I have never used it, so can't say how to make it work with public key
authentication.  But read on ;))

However, OpenSSH gained the chroot ability in February 2008,
  http://undeadly.org/cgi?action=article&sid=20080220110039

But if you're running 6.x, you won't be able to use it -- it was
imported only to 7.x and -CURRENT,
  SVN rev 182634 on 2008-09-01 20:03:13Z by des

Though, no hope is lost -- security/openssh-portable is at 5.0p1, and
chroot support is there.  But it is prone to the X11 MITM attack (at
least on HP/UX, don't currently know if FreeBSD is affected),
  http://www.openssh.com/txt/release-5.1
Your mileage may vary, if, for example, you're not using X11 forwarding,
then you might be fine with this.

> Setting the "rc.conf" file to:
> sshd_enable="YES"
> sshd2_enable="NO"
>
> Then my sftp setup does not work properly, unless I am missing something
> that I can set in the "/etc/ssh/sshd_config" file.

Ooookey, if you still prefer SSH.com's software, you may find the following
article very enlightening,
  http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Public-Key_Authentication-2.html

At least for me it looks very sane and verbose.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #


More information about the freebsd-hackers mailing list