DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 20th September 2009
Albright Albright is offline
Port Guard
 
Join Date: Apr 2009
Posts: 14
Thanked 0 Times in 0 Posts
Default Safe FTP/SFTP access questions

We're a company that builds web sites (among other things) and are transitioning from moving most of our clients from various crappy shared hosting accounts to our own FreeBSD-powered web server. Some of them got used to the idea of having FTP access to their accounts at the shared hosting services - for example, a photographer who often sells prints and used equipment via eBay wants to be able to host photos for his auctions from his webspace without having to use some cheesy web-based file uploader to get the files uploaded. Previously, we just had accounts/access for the sysadmins, but it was becoming clear that that's going to be untenable. So after reading up on it in Absolute FreeBSD, I created some chrooted user accounts with /dev/null as their shell and fired up ftpd via inetd.

Issues:

I'd prefer to have people be able to connect via SFTP, but it looks like doing this chrooted will be some big huge ugly affair involving setting up jails and using the sftponly shell, which is really more complicated than I think it should be. Is there any way to simply say, "Okay, behave just like ftpd is now, but also allow SFTP connections?"

Also, is there any way to make it so these users can absolutely, positively never set the execute bits on any file they upload?

Any other security tips for this sort of a situation would be appreciated. Thanks in advance.
Reply With Quote
 

Tags
openssh internal-sftp, sftp

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
swine: am i safe? ax0 Off-Topic 8 2nd May 2009 08:03 AM
List of users connected by sftp. amscotti OpenBSD General 7 1st April 2009 07:26 PM
PureFTP + TLS / or SFTP plexter OpenBSD Security 11 6th October 2008 10:32 PM
build a sftp server milo974 OpenBSD General 9 26th September 2008 11:09 AM
obsd 4.3 chrooted sftp permissions? luismi OpenBSD General 4 12th July 2008 11:39 PM


All times are GMT. The time now is 06:27 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick