I want to instal a "secure" ftp server
Leslie Jensen
leslie at eskk.nu
Fri Mar 12 10:37:08 UTC 2010
krad skrev 2010-03-12 11:07:
>
> enable sftp in ssh and chroot all the users and make the sftp only accounts
>
> I wrote this guide for work a year or so ago. It was for solaris but it was
> using openssh so should work fine on bsd
>
>
> 1. Dont bother with sun ssh it wont work. Opensolaris and later solaris
> 10 are bundled with openssh though.
> 2. Make sure openssh version is 5 or above (some 4s do work but 5 better)
> 3. Add these lines to sshd config
>
> Match Group sftponly
> ChrootDirectory /home/chroot/%u
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
>
> 4. Make sure the Subsystem line is this
>
> Subsystem sftp internal-sftp
>
> 5. create the sftponly group on the system
> 6. put the relevent users in this group. be careful as you will stop them
> being able to ssh in!!
> 7. Dead important this bit !!!
>
> mkdir -p /home/chroot/<user>/home/<user>/.ssh
> chown -R root /home/chroot/<user>
> chown -R<user> /home/chroot/<user>
> chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
> ln -s /home/chroot/<user>/home/<user> /home/.
>
> 8. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
>
> All should now work
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
This sounds as a solution I can use :-)
Will Windows users be able to use an ftp client to connect? I've never
implemented ssh with ftp before so I want to clarify for my understanding.
Thanks
/Leslie
More information about the freebsd-questions
mailing list