On Fri, Jun 20, 2003 at 02:24:22PM -0400, Matt Zimmerman wrote: > On Fri, Jun 20, 2003 at 12:56:01PM -0400, Stephen Gran wrote: > > > I am thinking about setting up an FTP server to be used by myself and a > > couple of friends. The box it will be running on is basically stock > > Woody, and is currently only running apache and NAT'ing for a LAN. > > > > I'd like the FTP server to not allow anonymous logins (which I assume > > most can do), chroot users to their home directories, and have some sort > > of encrypted connections (over SSL would be nice). I have thought about > > just using sftp, but currently ssh connections are rerouted to another > > box on the LAN, and I'd like to leave that set up as is, if possible. > > You could run sshd on another port. Really, if you want encryption and no > anonymous connections, sftp is the right tool for the job. > I went against running an FTP server for my users and went for using SFTP (part of sshd). For users who just have a standard web package (so they have no shell access) I give them a shell called 'scponly-c', from the package scponly which can be found at http://www.sublimation.org/scponly/ So they can only use SFTP and/or scp to upload files, no shell access. They are also chroot'ed to their home directory for a bit of added security. I haven't had any reported problems. You need to provide the programs they'll need though, like ls, pwd etc. etc. in their home directory as they are running in a chroot (if you take that option - It is possible without the chroot). HTH, David. -- .''`. David Ramsden <david@hexstream.eu.org> : :' : http://portal.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system.
Attachment:
pgpncuubsid6C.pgp
Description: PGP signature