On Thu, Aug 01, 2002 at 02:32:01PM +0200, Jones Down wrote:
> My alternative is to use ssh, there is a really beatiful win-prog to
> use scp, looks like mc, can be found here:
> but then again you should setup a chroot environment, because it´s
> still not possible to restrict access to a directory with ssh as
> tight as with some ftp-servers, because ssh needs some libraries and
> stuff, so there will be always more then just one upload-dir to see
> for the users. Also don´t forget, that with ssh you users have a full
> shell account, so building that jail should be done with real care. In
> most cases it´s more than you want to give them - what again makes me
> cry about missing ssl in proftpd :(
Ssh version 2 allows you to restrict access to an account, to only use
on specific command, via the private/public key.
There is on example I know of: "anonymous access to CVS via ssh", which
could be used as a reference, search for it at the CVS sites.
This enforces you to use public/private keys, which is good practice
anyway. You can issue/setup personal keys for individual users, and
you can generate a key for "anonymous" access, which is a small file
(the key) which you put publicly on a web page and anyone who wants to
access your repository downloads the file and tells it's secure-shell
client to use it as ID when to connect to the server.
I have read once, that the ftp-subsystem of SSH (sftp) opens security
wholes, but do not know why, I leave it disabled in my setups.
On the other hand, there is stunnel, which allows you to create an ssl
tunnel for any server/client pair. If this is not possible for
proftpd for any tecnical reason don't tell me, I don't install ftp