SSH port forward and ftp
Michael.Smarsz at transact.com.au
Mon Feb 18 06:45:31 EST 2002
>There are a few reasons I don't want to do this.
>a) It would require direct access to the ftp box, which I don't want.
>b) It requires some kind of shell access, which I don't want to provide.
>(sftp requires sufficient shell access to read and write files etc).
>c) By default it would give users access to the complete directory tree,
>unless I work out how to get chroot working the sftp. I have no idea if this
>is even possible.
The commercial version of SSH is very easy to set up chrooted environments in.
The major bonus is that it is free to run on Linux, even in a full production/commercial use (well, at least the last time I checked it was).
Users can be locked into a "shell" which is in fact the sftpd. That user is not able to connect using anything other than sftp.
The only point that I think you'll have issues with is the direct/console access to the box - to my knowledge, you need to have console access to provide entropy whilst creating the keys.
More information about the linux