
Re: secure file transfer



Thanks for all the suggestions.  This mailing list rocks !!!!

Nato
----- Original Message -----
From: "José Luis Ledesma" <jledesma@competitiveness.com>
To: "'Renato Lozano'" <r.lozano@rogers.com>;
<debian-security@lists.debian.org>
Sent: Wednesday, June 05, 2002 3:57 AM
Subject: RE: secure file transfer


> You can do a chrooted environment (see above) and start the sshd with
> chroot <path of chrooted environment> /sbin/sshd -f /etc/sshd_config
>
> Also you can specify the shell of the users in /etc/passwd as
> /sbin/sftp-server if you only want to allow these users to do sftp.
>
>
>     Regards,
>
> .:
> total 36
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ./
> drwxr-xr-x 11 root root 4096 Jun 3 13:43 ../
> drwxr-xr-x 2 root root 4096 Jun 4 12:13 bin/
> drwxr-xr-x 2 root root 4096 Jun 4 12:16 dev/
> drwxr-xr-x 4 root root 4096 Jun 4 12:35 etc/
> drwxr-xr-x 3 root root 4096 Jun 4 12:13 lib/
> drwxr-xr-x 2 root root 4096 Jun 4 12:35 sbin/
> drwxr-xr-x 2 root root 4096 Jun 4 12:32 tmp/
> drwxr-xr-x 2 root root 4096 Jun 4 12:16 usr/
> ./bin:
> total 8368
> drwxr-xr-x 2 root root 4096 Jun 4 12:13 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> -rwxr-xr-x 1 root root 109855 Jun 3 13:45 a2p*
> -rwxr-xr-x 1 root root 387764 Jun 3 13:45 bash*
> -rwxr-xr-x 1 root root 36365 Jun 3 13:45 c2ph*
> -rwxr-xr-x 1 root root 20629 Jun 3 13:45 dprofpp*
> -rwxr-xr-x 1 root root 6956 Jun 3 13:46 env*
> -rwxr-xr-x 1 root root 158116 Jun 3 13:45 fax2ps*
> -rwxr-xr-x 1 root root 104008 Jun 3 13:45 faxalter*
> -rwxr-xr-x 1 root root 89340 Jun 3 13:45 faxcover*
> -rwxr-xr-x 1 root root 441584 Jun 3 13:45 faxmail*
> -rwxr-xr-x 1 root root 96036 Jun 3 13:45 faxrm*
> -rwxr-xr-x 1 root root 107000 Jun 3 13:45 faxstat*
> -rwxr-xr-x 1 root root 77832 Jun 4 11:46 grep*
> -rwxr-xr-x 1 root root 19597 Jun 3 13:45 h2ph*
> -rwxr-xr-x 1 root root 46979 Jun 3 13:45 h2xs*
> -rwxr-xr-x 1 root root 10420 Jun 3 13:46 id*
> -rwxr-xr-x 1 root root 4528 Jun 3 13:46 ldd*
> -rwxr-xr-x 1 root root 111386 Jun 4 11:46 less*
> -r-xr-xr-x 1 root root 26168 Jun 3 13:45 login*
> -rwxr-xr-x 1 root root 49164 Jun 3 13:45 ls*
> -rwxr-xr-x 1 root root 11600 Jun 3 13:45 mkdir*
> -rwxr-xr-x 1 root root 24780 Jun 3 13:45 more*
> -rwxr-xr-x 1 root root 154980 Jun 3 13:45 pal2rgb*
> -rwsr-xr-x 1 root root 27920 Jun 3 13:46 passwd*
> -rwxr-xr-x 1 root root 4241 Jun 3 13:45 pl2pm*
> -rwxr-xr-x 1 root root 2350 Jun 3 13:45 pod2html*
> -rwxr-xr-x 1 root root 7875 Jun 3 13:45 pod2latex*
> -rwxr-xr-x 1 root root 17587 Jun 3 13:45 pod2man*
> -rwxr-xr-x 1 root root 6877 Jun 3 13:45 pod2text*
> -rwxr-xr-x 1 root root 3300 Jun 3 13:45 pod2usage*
> -rwxr-xr-x 1 root root 3341 Jun 3 13:45 podchecker*
> -rwxr-xr-x 1 root root 2483 Jun 3 13:45 podselect*
> -r-xr-xr-x 1 root root 82412 Jun 4 11:46 ps*
> -rwxr-xr-x 1 root root 36365 Jun 3 13:45 pstruct*
> -rwxr-xr-x 1 root root 7120 Jun 3 13:45 pwd*
> -rwxr-xr-x 1 root root 179884 Jun 3 13:45 rgb2ycbcr*
> -rwxr-xr-x 1 root root 20532 Jun 3 13:45 rm*
> -rwxr-xr-x 1 root root 6720 Jun 4 10:15 rmdir*
> -rwxr-xr-x 1 root root 14705 Jun 3 13:45 s2p*
> -rwxr-xr-x 1 root root 28764 Jun 3 13:46 scp*
> -rwxr-xr-x 1 root root 385000 Jun 3 13:45 sendfax*
> -rwxr-xr-x 1 root root 67548 Jun 3 13:45 sendpage*
> -rwxr-xr-x 1 root root 88632 Jun 3 13:46 sftp*
> -rwxr-xr-x 1 root root 387764 Jun 3 13:45 sh*
> -rws--x--x 1 root root 744500 Jun 3 13:46 slogin*
> -rwxr-xr-x 1 root root 14523 Jun 3 13:46 splain*
> -rws--x--x 1 root root 744500 Jun 3 13:46 ssh*
> -rwxr-xr-x 1 root root 570960 Jun 3 13:46 ssh-add*
> -rwxr-xr-x 1 root root 502952 Jun 3 13:46 ssh-agent*
> -rwxr-xr-x 1 root root 575740 Jun 3 13:46 ssh-keygen*
> -rwxr-xr-x 1 root root 383480 Jun 3 13:46 ssh-keyscan*
> -rwxr-xr-x 1 root root 39 Jun 3 13:46 ssh_europa*
> -rwxr-xr-x 1 root root 107252 Jun 4 10:14 strace*
> -rwxr-xr-x 1 root root 8323 Jun 4 10:14 strace-graph*
> -rwxr-xr-x 1 root root 158088 Jun 3 13:46 thumbnail*
> -rwxr-xr-x 1 root root 6312 Jun 3 13:46 tty*
> -rwxr-xr-x 1 root root 55904 Jun 4 11:46 useradd*
> -rwxr-xr-x 1 root root 585656 Jun 4 11:47 vi*
> -rwxr-xr-x 1 root root 6444 Jun 4 11:45 whoami*
> ./dev:
> total 8
> drwxr-xr-x 2 root root 4096 Jun 4 12:16 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> crw-r--r-- 1 root root 1, 9 Jun 3 13:43 urandom
> ./etc:
> total 208
> drwxr-xr-x 4 root root 4096 Jun 4 12:35 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> -rw------- 1 root root 0 Jun 4 11:46 .pwd.lock
> -rw-r--r-- 1 root root 653 Jun 3 13:46 group
> -rw-r--r-- 1 root root 242 Jun 4 11:33 host.conf
> -rw-r--r-- 1 root root 857 Jun 4 12:04 hosts
> -rw-r--r-- 1 root root 1050 Jun 4 11:29 ld.so.cache
> -rw-r--r-- 1 root root 304 Jun 4 11:28 ld.so.conf
> -rw-r--r-- 1 root root 235 Jun 4 11:27 ld.so.conf~
> -rw-r--r-- 1 root root 88039 Jun 3 13:46 moduli
> -rw-r--r-- 1 root root 1342 Jun 4 11:34 nsswitch.conf
> drwxr-xr-x 2 root root 4096 Jun 4 12:02 pam.d/
> -rw-r--r-- 1 root root 28 Jun 4 12:00 pam_smb.conf
> -rw-r--r-- 1 root root 2520 Jun 4 11:57 passwd
> -rw-r--r-- 1 root root 7228 Jun 3 13:48 profile
> -rw-r--r-- 1 root root 1339 Jun 4 11:33 protocols
> -rw-r--r-- 1 root root 274 Jun 4 11:44 resolv.conf
> drwxr-xr-x 2 root root 4096 Jun 3 13:43 security/
> -rw-r----- 1 root root 1178 Jun 4 11:51 shadow
> -rw------- 1 root root 80 Jun 4 11:45 shadow-
> -rw-r----- 1 root root 1178 Jun 4 11:48 shadow.old
> -rw-r--r-- 1 root root 161 Jun 3 13:46 shells
> -rw-r--r-- 1 root root 1144 Jun 3 13:46 ssh_config
> -rw------- 1 root root 668 Jun 3 13:46 ssh_host_dsa_key
> -rw-r--r-- 1 root root 602 Jun 3 13:46 ssh_host_dsa_key.pub
> -rw------- 1 root root 527 Jun 3 13:46 ssh_host_key
> -rw-r--r-- 1 root root 331 Jun 3 13:46 ssh_host_key.pub
> -rw------- 1 root root 883 Jun 3 13:46 ssh_host_rsa_key
> -rw-r--r-- 1 root root 222 Jun 3 13:46 ssh_host_rsa_key.pub
> -rw-r--r-- 1 root root 2471 Jun 4 12:15 sshd_config
> ./etc/pam.d:
> total 24
> drwxr-xr-x 2 root root 4096 Jun 4 12:02 ./
> drwxr-xr-x 4 root root 4096 Jun 4 12:35 ../
> lrwxrwxrwx 1 root root 4 Jun 4 12:02 other -> sshd
> -rw-r--r-- 1 root root 318 Jun 3 13:46 passwd
> -rw-r--r-- 1 root root 546 Jun 4 11:36 ssh
> -rw-r--r-- 1 root root 479 Jun 4 12:02 sshd
> -rw-r--r-- 1 root root 370 Jun 3 13:46 su
> ./etc/security:
> total 32
> drwxr-xr-x 2 root root 4096 Jun 3 13:43 ./
> drwxr-xr-x 4 root root 4096 Jun 4 12:35 ../
> -rw-r--r-- 1 root root 1971 Jun 3 13:46 access.conf
> -rw-r--r-- 1 root root 184 Jun 3 13:46 chroot.conf
> -rw-r--r-- 1 root root 2145 Jun 3 13:46 group.conf
> -rw-r--r-- 1 root root 1356 Jun 3 13:46 limits.conf
> -rw-r--r-- 1 root root 2858 Jun 3 13:46 pam_env.conf
> -rw-r--r-- 1 root root 2154 Jun 3 13:46 time.conf
> ./lib:
> total 8316
> drwxr-xr-x 3 root root 4096 Jun 4 12:13 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> -rw-r--r-- 1 root root 1024 Jun 4 11:51 cracklib_dict.hwm
> -rw-r--r-- 1 root root 214324 Jun 4 11:51 cracklib_dict.pwd
> -rw-r--r-- 1 root root 11360 Jun 4 11:51 cracklib_dict.pwi
> -rwxr-xr-x 1 root root 342427 Jun 3 13:46 ld-linux.so.2*
> -rwxr-xr-x 1 root root 4061504 Jun 3 13:46 libc.so.6*
> lrwxrwxrwx 1 root root 15 Jun 4 12:11 libcrack.so -> libcrack.so.2.7*
> lrwxrwxrwx 1 root root 15 Jun 4 12:11 libcrack.so.2 -> libcrack.so.2.7*
> -rwxr-xr-x 1 root root 33291 Jun 4 11:39 libcrack.so.2.7*
> -rwxr-xr-x 1 root root 60988 Jun 3 13:46 libcrypt.so.1*
> -rwxr-xr-x 1 root root 71846 Jun 3 13:46 libdl.so.2*
> -rwxr-xr-x 1 root root 27762 Jun 3 13:46 libhistory.so.4.0*
> lrwxrwxrwx 1 root root 17 Jun 4 12:12 libncurses.so.4 -> libncurses.so.4.2*
> -rwxr-xr-x 1 root root 503903 Jun 3 13:46 libncurses.so.4.2*
> lrwxrwxrwx 1 root root 17 Jun 4 12:12 libncurses.so.5 -> libncurses.so.5.0*
> -rwxr-xr-x 1 root root 549429 Jun 3 13:46 libncurses.so.5.0*
> -rwxr-xr-x 1 root root 369801 Jun 3 13:46 libnsl.so.1*
> -rwxr-xr-x 1 root root 142563 Jun 4 11:49 libnss_compat.so.1*
> -rwxr-xr-x 1 root root 215569 Jun 4 11:49 libnss_compat.so.2*
> -rwxr-xr-x 1 root root 61648 Jun 4 11:34 libnss_dns.so.1*
> -rwxr-xr-x 1 root root 63453 Jun 4 11:34 libnss_dns.so.2*
> -rwxr-xr-x 1 root root 63782 Jun 4 11:34 libnss_dns6.so.2*
> -rwxr-xr-x 1 root root 205715 Jun 3 13:46 libnss_files.so.1*
> -rwxr-xr-x 1 root root 235932 Jun 3 13:49 libnss_files.so.2*
> -rwxr-xr-x 1 root root 204383 Jun 4 11:33 libnss_nis.so.1*
> -rwxr-xr-x 1 root root 254023 Jun 4 11:33 libnss_nis.so.2*
> -rwxr-xr-x 1 root root 256465 Jun 4 11:33 libnss_nisplus.so.2*
> lrwxrwxrwx 1 root root 14 Jun 4 12:12 libpam.so.0 -> libpam.so.0.72*
> -rwxr-xr-x 1 root root 31449 Jun 3 13:46 libpam.so.0.72*
> lrwxrwxrwx 1 root root 19 Jun 4 12:12 libpam_misc.so.0 -> libpam_misc.so.0.72*
> -rwxr-xr-x 1 root root 8125 Jun 3 13:46 libpam_misc.so.0.72*
> lrwxrwxrwx 1 root root 15 Jun 4 12:12 libpamc.so.0 -> libpamc.so.0.72*
> -rwxr-xr-x 1 root root 10499 Jun 3 13:46 libpamc.so.0.72*
> -rwxr-xr-x 1 root root 176427 Jun 3 13:46 libreadline.so.4.0*
> -rwxr-xr-x 1 root root 44729 Jun 3 13:46 libutil.so.1*
> -rwxr-xr-x 1 root root 70254 Jun 3 13:46 libz.a*
> lrwxrwxrwx 1 root root 13 Jun 4 12:13 libz.so -> libz.so.1.1.3*
> lrwxrwxrwx 1 root root 13 Jun 4 12:13 libz.so.1 -> libz.so.1.1.3*
> -rwxr-xr-x 1 root root 63312 Jun 3 13:46 libz.so.1.1.3*
> drwxr-xr-x 2 root root 4096 Jun 4 12:00 security/
> ./lib/security:
> total 668
> drwxr-xr-x 2 root root 4096 Jun 4 12:00 ./
> drwxr-xr-x 3 root root 4096 Jun 4 12:13 ../
> -rwxr-xr-x 1 root root 10067 Jun 3 13:46 pam_access.so*
> -rwxr-xr-x 1 root root 8300 Jun 3 13:46 pam_chroot.so*
> -rwxr-xr-x 1 root root 14397 Jun 3 13:46 pam_cracklib.so*
> -rwxr-xr-x 1 root root 5082 Jun 3 13:46 pam_deny.so*
> -rwxr-xr-x 1 root root 13153 Jun 3 13:46 pam_env.so*
> -rwxr-xr-x 1 root root 13371 Jun 3 13:46 pam_filter.so*
> -rwxr-xr-x 1 root root 7957 Jun 3 13:46 pam_ftp.so*
> -rwxr-xr-x 1 root root 12771 Jun 3 13:46 pam_group.so*
> -rwxr-xr-x 1 root root 10174 Jun 3 13:46 pam_issue.so*
> -rwxr-xr-x 1 root root 9774 Jun 3 13:46 pam_lastlog.so*
> -rwxr-xr-x 1 root root 13591 Jun 3 13:46 pam_limits.so*
> -rwxr-xr-x 1 root root 11268 Jun 3 13:46 pam_listfile.so*
> -rwxr-xr-x 1 root root 11182 Jun 3 13:46 pam_mail.so*
> -rwxr-xr-x 1 root root 5923 Jun 3 13:46 pam_nologin.so*
> -rwxr-xr-x 1 root root 5460 Jun 3 13:46 pam_permit.so*
> -rwxr-xr-x 1 root root 18226 Jun 3 13:46 pam_pwcheck.so*
> -rwxr-xr-x 1 root root 12590 Jun 3 13:46 pam_rhosts_auth.so*
> -rwxr-xr-x 1 root root 5551 Jun 3 13:46 pam_rootok.so*
> -rwxr-xr-x 1 root root 7239 Jun 3 13:46 pam_securetty.so*
> -rwxr-xr-x 1 root root 6551 Jun 3 13:46 pam_shells.so*
> -rwxr-xr-x 1 root root 55925 Jun 4 12:00 pam_smb_auth.so*
> -rwxr-xr-x 1 root root 12678 Jun 3 13:46 pam_stress.so*
> -rwxr-xr-x 1 root root 11170 Jun 3 13:46 pam_tally.so*
> -rwxr-xr-x 1 root root 11124 Jun 3 13:46 pam_time.so*
> -rwxr-xr-x 1 root root 45703 Jun 3 13:46 pam_unix.so*
> -rwxr-xr-x 1 root root 45703 Jun 3 13:46 pam_unix2.so*
> -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_acct.so*
> -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_auth.so*
> -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_passwd.so*
> -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_session.so*
> -rwxr-xr-x 1 root root 9726 Jun 3 13:46 pam_userdb.so*
> -rwxr-xr-x 1 root root 6424 Jun 3 13:46 pam_warn.so*
> -rwxr-xr-x 1 root root 7460 Jun 3 13:46 pam_wheel.so*
> ./sbin:
> total 3132
> drwxr-xr-x 2 root root 4096 Jun 4 12:35 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> -rwxr-xr-x 1 root root 178256 Jun 3 13:46 choptest*
> -rwxr-xr-x 1 root root 184032 Jun 3 13:46 cqtest*
> -rwxr-xr-x 1 root root 81096 Jun 3 13:46 dialtest*
> -rwxr-xr-x 1 root root 1142128 Jun 4 11:28 ldconfig*
> -rwxr-xr-x 1 root root 2868 Jun 3 13:46 lockname*
> -rwxr-xr-x 1 root root 3340 Jun 3 13:46 ondelay*
> -rwxr-xr-x 1 root root 376796 Jun 3 13:46 pagesend*
> -rwxr-xr-x 1 root root 13950 Jun 3 13:46 probemodem*
> -rwxr-xr-x 1 root root 9234 Jun 3 13:46 recvstats*
> -rwxr-xr-x 1 root root 64480 Jun 3 13:46 sftp-server*
> -rwxr-xr-x 1 root root 744412 Jun 3 13:46 sshd*
> -rwsr-xr-x 1 root root 30750 Jun 4 11:46 su*
> -rwxr-xr-x 1 root root 194632 Jun 3 13:46 tagtest*
> -rwxr-xr-x 1 root root 69892 Jun 3 13:46 tsitest*
> -rwxr-xr-x 1 root root 43792 Jun 3 13:46 typetest*
> ./tmp:
> total 8
> drwxr-xr-x 2 root root 4096 Jun 4 12:32 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> ./usr:
> total 8
> drwxr-xr-x 2 root root 4096 Jun 4 12:16 ./
> drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
> lrwxrwxrwx 1 root root 7 Jun 4 12:14 bin -> ../bin//
> lrwxrwxrwx 1 root root 7 Jun 4 11:33 lib -> ../lib//
> lrwxrwxrwx 1 root root 8 Jun 4 12:13 sbin -> ../sbin//
>
>
>
> _________________________
> CLUSTER COMPETITIVENESS
> José Luis Ledesma
> Technology Park Valles
> 08290 Barcelona - Spain
> http://www.clustercom.com
> Tel.: +34 93 582 02 90   Fax: +34 93 582 01 59
> -----Original Message-----
> From: Renato Lozano [mailto:r.lozano@rogers.com]
> Sent: Tuesday, June 04, 2002 2:40
> To: debian-security@lists.debian.org
> Subject: secure file transfer
>
>
> Hi All,
>
> I am trying to implement a way of transferring files securely over the
> Internet using sftp which is part of the ssh2 protocol.  A down side of
> implementing this is that users logging on can browse the whole filesystem.
> I have done some research and found a way to chroot users so they won't be
> able to browse the filesystem (http://chrootssh.sourceforge.net/).  Can
> someone please suggest if there are any other ways of implementing a secure
> file transfer without patching sshd ???
>
> Nato
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
>
>
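
One way to check a chroot tree like the one listed above for setuid/setgid binaries, device nodes and directories writable by group or other (an added example, not part of the original messages; the function name `audit_chroot` and its output labels are made up here):

```shell
#!/bin/sh
# Added example: audit a chroot tree for entries that weaken the jail.
# audit_chroot and its output labels are made up for this illustration.
#
# Output: one finding per line, "<KIND> <path relative to the jail root>"
#   SUID      regular file with the setuid bit
#   SGID      regular file with the setgid bit
#   WRITABLE  directory writable by group or other and not sticky
#   DEVICE    character or block device node (review each one)
audit_chroot() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "audit_chroot: not a directory: $jail" >&2
        return 2
    fi
    (
        cd "$jail" || exit 2
        # -xdev: stay on the jail's filesystem, do not descend into mounts
        find . -xdev -type f -perm -4000 | sed 's/^/SUID /'
        find . -xdev -type f -perm -2000 | sed 's/^/SGID /'
        find . -xdev -type d \( -perm -0020 -o -perm -0002 \) \
            ! -perm -1000 | sed 's/^/WRITABLE /'
        find . -xdev \( -type c -o -type b \) | sed 's/^/DEVICE /'
    )
}

# Run as: sh audit_chroot.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_chroot "$1"
fi
```

Run against the tree in the listing, this would report `bin/passwd`, `bin/slogin`, `bin/ssh` and `sbin/su` as SUID (their modes begin `-rws`) and `dev/urandom` as DEVICE.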

