
Re: Best SFTP (w/chroot): vsftpd vs mysecureshell vs other ??



On Sat, Jan 4, 2014 at 7:26 AM, Sven Hoexter <sven@timegate.de> wrote:
> I'm not sure how the OpenSSH implementation handles ACLs, maybe that's
> an option but I did not test it.

My first problem is successfully logging in with sftp-only and chroot'ing in place. AFAIK, ACLs would only come into play afterward.
  
> Then there is Proftpd which has a mod_sftp extension.
>
> And there are still the solutions which predate the chroot() and sftp-internal
> implementation possible with OpenSSH like
> - scponly
> - rssh
> - rush
>
> All of them have a somewhat mixed security record and have some cost in
> terms of chroot setup and maintaining them properly.

Sven, TX much for your reply...

proftpd:
1) wheezy does not have an sftp module
2) proftpd appears to rely on openssh for sftp, so appears to add no value.
3) IF proftpd did provide working sftp - appears that it cannot share port 22 w/ openssh (which I do still need for full-access users unrelated to SFTP).

scponly:  does not appear to be provided in wheezy !?!? can't find out why....

rssh/rush:
1) not sure what is: diff rssh rush  (searches come up worthless to answer this)
2) I haven't used rssh in a very long time - I guess I have to dig into it again to see if it will allow chroot'ing with group "w" perms.
3) "mixed security record" is a big concern.

 
