SSH port forward and ftp

Michael Smarsz Michael.Smarsz at
Mon Feb 18 06:45:31 EST 2002

>There are a few reasons I don't want to do this.
>a) It would require direct access to the ftp box, which I don't want.
>b) It requires some kind of shell access, which I don't want to provide.  
>(sftp requires sufficient shell access to read and write files etc).
>c) By default it would give users access to the complete directory tree, 
>unless I work out how to get chroot working the sftp.  I have no idea if this 
>is even possible.

The commercial version of SSH is very easy to set up chrooted environments in.

The major bonus is that it is free to run on Linux, even in a full production/commercial use (well, at least the last time I checked it was).

Users can be locked into a "shell" which is in fact the sftpd.  That user is not able to connect using anything other than sftp.

The only point that I think you'll have issues with is the direct/console access to the box - to my knowledge, you need to have console access to provide entropy whilst creating the keys.



More information about the linux mailing list