my current situation is that my ssh port is firewalled to just allow my ip ranges, whereas ftp access is the one my clients use.
however i plan to shut down ftp and pop/imap without ssl, so users would have to use sftp/scp, which can be done with scponly, the default shell for my clients anyway.
but i noticed a problem: users can navigate away from their home. i don’t really like that, i remember that scponly can lock this down further and make sftp/scp think their home is actually the root path.
how can i achieve this?
I haven’t done that at all before. That said, here’s a couple of tips…
It looks like while scponly does as you said – allows a user to get anywhere on the filesystem – the program "scponlyc" allows you to chroot a user into their home directory.
If you do a “man scponlyc”, it’ll offer some details. A web-based version of that manpage is here:
On my Ubuntu system, it points to a program that you’d use to set up a chroot environment:
It does look like there’s a little bit of effort involved there, but hopefully that’ll get you started!
yeah, i found this:
however it looks like this script is to be used to create a new user, so it does not really integrate with virtualmin, nor does it "upgrade" any existing users…
has anybody successfully set up chrooted scponly under virtualmin?
If you search for ssh and chroot here you’ll find my not so humble opinion of chroot environments. I’m of the opinion that they provide the illusion of security, while actually breaking some great security features of OpenSSH. I simply can’t recommend chroot shells.
BTW, unless you disallow execution of scripts, use of server-side includes, and any mail processing options for the user, you cannot prevent a user from seeing the “world” as their user permissions permit. You’re fooling yourself, if you think chrooting ssh prevents a user from seeing the rest of the system. But, the good news is that it’s OK. UNIX has had this permissions model in place for longer than most of our users have been alive (I think maybe even I might be younger than UNIX, now that I think of it), and it works out just fine. It’s perfectly safe for users to have “free run” of the system–things that contain sensitive data simply aren’t readable by non-root users. And things that are readable…well, they aren’t sensitive.
I understand your concerns and your point of view, so I understand that users can “browse” the system through scripts etc. But they would want to do so explicitly.
However, using SFTP is an everyday task, and being able to browse outside of their home kind of invites them to look around, they can easily see which, and how many domains the server hosts, they can read configuration files of services such as apache etc.
I dunno, I don’t really like this feeling, and I don’t think I’m going to enable password authentication on ssh and shut down ftp if that allows users to look around so easily.
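Both positions in this thread come down to what the "other" permission bits expose to a client account, whichever directory SFTP starts in. The script below is an added example, not part of the thread, that lists exactly that; the function names and the paths in the usage comment are made up for illustration, and it assumes the client account is neither owner nor group member of the paths scanned.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: the client account is neither owner nor in the group of the
# paths scanned, so only the "other" permission bits decide access.

# reachable_by_other DIR...
# Print regular files that "other" can read AND reach. A directory without
# o+x cannot be traversed, so everything beneath it is pruned: a 644 file
# inside a 750 home is not exposed to other customers.
reachable_by_other() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev \
            -type d ! -perm -001 -prune -o \
            -type f -perm -004 -print
    done
}

# open_homes BASE
# Print the directories directly under BASE (e.g. /home) that "other" can
# list (o+r) or enter (o+x). These are the homes a curious SFTP user can
# browse into.
open_homes() {
    find "$1"/* -prune -type d \( -perm -004 -o -perm -001 \) -print 2>/dev/null
}

# Run as: sh audit.sh /home /etc/apache2   (paths are examples)
if [ "$#" -gt 0 ]; then
    echo "== files readable by any local account =="
    reachable_by_other "$@"
    echo "== home directories open to other accounts =="
    open_homes "$1"
fi
```

Run it as root so that find itself is not blocked by the permissions it is reporting on.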