Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Using Fedora
Reload this Page sftp creating restricted shell for sftp only
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Using Fedora General support for current versions. Ask questions about Fedora and it's software that do not belong in any other forum.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 29th May 2007, 01:48 AM
105547111 Offline
Registered User
  
Join Date: Jul 2006
Posts: 164
sftp creating restricted shell for sftp only
Hi All,

I read that a way to give users SFTP access without compromising security is to add this to /etc/shells

/usr/libexec/openssh/sftp-server

This way the sftp login can't be used to get shell access.

Anyone got advise?

Thanks!
Reply With Quote
  #2  
Old 29th May 2007, 01:56 AM
jhetrick62 Offline
Registered User
  
Join Date: Feb 2005
Location: Buffalo, Ny
Posts: 875
As for regular ftp use, I just create a user with a shell of /bin/false and that solves all problems. They can ftp but they get no shell to log into if they attempt to telnet or ssh.

I don't know how it relates to sftp as I don't use that.

Jeff
__________________
Registered Linux User #411071

If at first you don't suceed, read the man page again!
Reply With Quote
  #3  
Old 29th May 2007, 02:08 AM
105547111 Offline
Registered User
  
Join Date: Jul 2006
Posts: 164
Hi Jeff,

Thanks for the reply. If you want to use SFTP, the user does require some valid shell login to authenticate them. I already tried /bin/false, they don't get to login as the user has no shell access

I want to block port 21 on the server, so everyone is forced to use SFTP. However I don't want to give out a shell access that could be exploited.

I do run plesk, and they provide a:
/usr/local/psa/bin/chrootsh

However I have read it still can be exploited.

Its a matter of having a very restricted shell access access. That is why I was asking about /usr/libexec/openssh/sftp-server, it seems its a very 'standard' on just about all linux distributions and its said to be very secure, but I like to hear what others have found or know.

Cheers,

David
Reply With Quote
  #4  
Old 29th May 2007, 02:14 AM
jhetrick62 Offline
Registered User
  
Join Date: Feb 2005
Location: Buffalo, Ny
Posts: 875
David,

That makes sense that you have to have a valid shell or how would you be logged in on ssh in order to use sftp. Good luck on your feedback.

Jeff
__________________
Registered Linux User #411071

If at first you don't suceed, read the man page again!
Reply With Quote
Reply

Tags
creating, restricted, sftp, shell

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sftp? mcgodx Using Fedora 11 17th August 2008 12:39 PM
sftp and ssh Wiles Servers & Networking 5 21st August 2006 09:46 AM
sshd-config sftp/scp w/o shell? hapaboy Security and Privacy 2 21st April 2005 05:33 AM


Current GMT-time: 01:17 (Sunday, 26-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat