chroot scp only network storage?

Balázs Mátéffy mateffy at enternet.hu
Tue May 25 22:23:31 UTC 2010


Hello,


Try /usr/ports/shells/scponly .

Look up the features; this way you can assign the restrictive scponly shell
to the users:

http://sublimation.org/scponly/wiki/index.php/Main_Page

Best Regards:

Balázs Mátéffy



On 26 May 2010 00:05, Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:

> On 25/05/2010 22:29:57, Matthew Law wrote:
> >
> > I want to provide some users with secure network attached storage over
> > SCP.  The intent is to provide people with a similar thing to, e.g.
> > rsync.net but inside of our network only.
> >
> > Security is obviously a priority so I would like each user to be chrooted
> > into their allocated directory and allow them only to execute a small set
> > of commands.
>
> Check out the security/openssh-portable port which has options to enable
> chroot'ing.  You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user authorized_keys files.
>
> > I have come across scponly before.  Is this the best way of achieving this
> > with FreeBSD or is there some other better way?
>
> Another alternative is WebDAV.  Run it over HTTPS for security, and use
> the standard Apache authn/authz controls to give each user access to
> only their own area.  In principle your users can mount their WebDAV
> areas as networked filesystems on their desktops.  In practice, this
> works fine with MacOS X, is horribly buggy under Windows, needs quite a
> lot of effort to make work on Linux, and I don't think it's actually
> available at all on FreeBSD.  However, commandline clients like cadaver
> will work fine on anything Unixy.
>
>        Cheers
>
>        Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                  Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW
>
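
One way the sshd_config route mentioned in the quoted reply can look, as an added example that is not part of the original thread. The group name sftponly, the /storage path and the user alice are assumptions made for illustration.

```conf
# /etc/ssh/sshd_config fragment (constructed example; group name and
# paths are assumptions, not taken from the thread)

# Serve SFTP from inside sshd itself, so the chroot needs no shell,
# binaries or libraries. This replaces any existing "Subsystem sftp" line.
Subsystem sftp internal-sftp

# Applies only to members of the hypothetical group "sftponly".
Match Group sftponly
    # %u expands to the login name. Every component of this path must be
    # owned by root and not writable by group or others; otherwise sshd
    # refuses the session.
    ChrootDirectory /storage/%u
    # Ignore whatever command the client requests; only SFTP is served.
    ForceCommand internal-sftp
    # Close the remaining channels the account could otherwise use.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# Directory layout matching the fragment, for a hypothetical user "alice":
#   /storage              root:wheel   0755
#   /storage/alice        root:wheel   0755   chroot root, not writable by alice
#   /storage/alice/data   alice:alice  0700   where alice actually uploads
```

Because the forced command is the in-process SFTP server, the legacy scp protocol, which needs a shell on the server side, is not available to these accounts; clients connect with sftp. Run `sshd -t` to validate the file before reloading sshd.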

