chroot scp only network storage?
Balázs Mátéffy
mateffy at enternet.hu
Tue May 25 22:23:31 UTC 2010
Hello,
Try /usr/ports/shells/scponly.
Look up the features; this way you can assign the restrictive scponly shell
to the users:
http://sublimation.org/scponly/wiki/index.php/Main_Page
Best Regards:
Balázs Mátéffy
On 26 May 2010 00:05, Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:
>
> On 25/05/2010 22:29:57, Matthew Law wrote:
> >
> > I want to provide some users with secure network attached storage over
> > SCP. The intent is to provide people with a similar thing to, e.g.
> > rsync.net but inside of our network only.
> >
> > Security is obviously a priority so I would like each user to be chrooted
> > into their allocated directory and allow them only to execute a small set
> > of commands.
>
> Check out the security/openssh-portable port which has options to enable
> chroot'ing. You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user authorized_keys files.
>
> > I have come across scponly before. Is this the best way of achieving this
> > with FreeBSD or is there some other better way?
>
> Another alternative is WebDAV. Run it over HTTPS for security, and use
> the standard Apache authn/authz controls to give each user access to
> only their own area. In principle your users can mount their WebDAV
> areas as networked filesystems on their desktops. In practice, this
> works fine with MacOS X, is horribly buggy under Windows, needs quite a
> lot of effort to make work on Linux, and I don't think it's actually
> available at all on FreeBSD. However, commandline clients like cadaver
> will work fine on anything Unixy.
>
> Cheers
>
> Matthew
>
> - --
> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
> Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
> JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
>
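
The sshd_config approach mentioned in the quoted reply, as an added example that is not part of the thread: a small Python check that reads an sshd_config and reports which restrictions a chrooted, file-transfer-only `Match` block is missing. The group name `storage`, the path `/data/%u` and the sample config are assumptions constructed for illustration; the directives are standard OpenSSH options.

```python
# Added example: audit an sshd_config for a chrooted, SFTP-only Match block.
# The group name "storage", the path and the sample config are constructed.

# Restrictions expected inside the block (lower-cased keyword -> first token).
REQUIRED = {
    "forcecommand": "internal-sftp",  # in-process SFTP server, no shell
    "allowtcpforwarding": "no",       # sshd's default is "yes"
    "x11forwarding": "no",
}

SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp

Match Group storage
    ChrootDirectory /data/%u
    ForceCommand internal-sftp
    X11Forwarding no
"""

def parse_match_blocks(text):
    """Return {criteria: {keyword: value}} for each Match block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()              # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            current = blocks.setdefault(" ".join(value.split()), {})
        elif current is not None:
            current.setdefault(keyword, value)  # sshd keeps the first value
    return blocks

def audit(text, criteria="Group storage"):
    """List what the Match block for `criteria` is missing."""
    block = parse_match_blocks(text).get(criteria)
    if block is None:
        return [f"no 'Match {criteria}' block"]
    problems = []
    if block.get("chrootdirectory", "none").lower() == "none":
        problems.append("ChrootDirectory is not set")
    # A keyword absent from the block falls back to the global setting,
    # so this check asks for each restriction to be stated in the block.
    for keyword, wanted in REQUIRED.items():
        if block.get(keyword, "").lower().split()[:1] != [wanted]:
            problems.append(f"{keyword} is not '{wanted}'")
    return problems

if __name__ == "__main__":
    for problem in audit(SAMPLE_CONFIG):
        print("FINDING:", problem)
```

sshd refuses the login unless every component of the ChrootDirectory path is owned by root and not writable by group or others, so user-writable directories go beneath the chroot. `ForceCommand internal-sftp` serves the SFTP protocol only, so clients that speak the legacy scp protocol will not work against it.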